This week's articles
Internet-Scale analysis of AWS Cognito Security
#aws, #attack
White paper containing the methodology and results of an internet-scale security analysis of AWS Cognito configurations. The research identified 2500 identity pools, which were used to gain access to more than 13000 S3 buckets (which were not publicly exposed), 1200 DynamoDB tables and 1500 Lambda functions.
Testing HashiCorp Terraform
#terraform, #build
Testing strategies for HashiCorp Terraform modules and configurations, and how to run tests against infrastructure.
Tools
actions2aws
Assume AWS IAM roles from GitHub Actions workflows with no stored secrets.
rpCheckup
rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
CloudSecDocs
Compliance as Code
A collection of tools to manage compliance as code for Terraform, CloudFormation, Docker, and Kubernetes.
Sponsor CloudSecList
If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at [email protected]
From the cloud providers
How to protect sensitive data for its entire lifecycle in AWS
How to design a method to protect sensitive data for its entire lifecycle in AWS. This method can help enhance your data security posture and be useful for fulfilling the data privacy regulatory requirements applicable to your organization for data protection at-rest, in-transit, and in-use.
How ERGO implemented an event-driven security remediation architecture on AWS
By implementing this event-driven solution, ERGO was able to increase and maintain automated compliance with the CIS AWS Foundations Benchmark standard at about 95%. The remaining findings were evaluated on a case-by-case basis, per specific project requirements. This measurable improvement in ERGO's compliance posture was achieved with an end-to-end serverless workflow.
AWS Config now supports Amazon container services
AWS Config now supports ECS, ECR, and EKS in all AWS Regions. With this launch, you can now use AWS Config to monitor configuration data for container-based resources in your AWS account, such as monitoring configuration changes to EKS cluster settings and tracking compliance for cluster configurations.
New Google Cloud firewall features
Google Cloud's hierarchical firewall policies provide new, flexible levels of control so that you can benefit from centralized control at the organization and folder level, while safely delegating more granular control within a project to the project owner.
Inventory management with BigQuery and Cloud Run
Many people think of Cloud Run just as a way of hosting websites. Cloud Run is great at that, but there's so much more you can do with it. Here we'll explore how you can use Cloud Run and BigQuery together to create an inventory management system.
Azure Arc enabled Kubernetes is now Generally Available
Azure Arc enabled Kubernetes enables you to attach any CNCF-conformant Kubernetes cluster to Azure for management. Your clusters can run anywhere, and if they have connectivity to Azure, onboarding is as easy as deploying the Azure Arc cluster agents using the Azure CLI extension.
Cloud SIEM Innovations from Azure Sentinel
Learn about the latest innovations in the Azure Sentinel cloud SIEM solution at Microsoft Ignite 2021. Respond to threats more quickly with cloud SIEM + XDR, enhanced security automation, Jupyter Notebooks and more.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco