White-paper containing methodology and results of an internet-scale security analysis of AWS Cognito configurations. The research identified 2500 identity pools, which were used to gain access to more than 13000 S3 buckets (which are not publicly exposed), 1200 DynamoDB tables and 1500 Lambda functions.

Blog showing how to download and search EBS snapshots locally, and introducing a new Python library called dsnap, as well as a new ebs__download_snapshots Pacu module.

BridgeCrew released an opensource Visual Studio Code extension for Checkov, which provides real-time IaC security and compliance scanning and inline fixes.

I was curious to take a look at GKE Autopilot, so if you don't have time to play with it, I did it for you. (disclaimer: I did write this post)

Testing strategies for HashiCorp Terraform modules and configuration, and learn how to run tests against infrastructure.

Must-know best practices for Red Hat OpenShift security when designing your Kubernetes clusters on OCP.

cert-manager is the de facto solution for managing certificates in Kubernetes, and it can now be used to secure workloads in an Istio service mesh with mTLS, using an issuer of your choice.

This for me was a very interesting article describing the equivalent terminologies, comparisons, and differentiations between HashiCorp Nomad and Kubernetes.

How SolarWinds hackers used AWS and Azure to host their infrastructure.

Assume AWS IAM roles from GitHub Actions workflows with no stored secrets.

rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.

A GitHub action that scans Azure resources for policy violations.

A collection of tools to manage compliance as code for Terraform, CloudFormation, Docker, and Kubernetes.

How to automate isolation of an EC2 instance by using a Lambda function that's triggered by tag changes on the instance, as reported by CloudWatch Events.

How to design a method to protect sensitive data for its entire lifecycle in AWS. This method can help enhance your data security posture and be useful for fulfilling the data privacy regulatory requirements applicable to your organization for data protection at-rest, in-transit, and in-use.

By implementing this event-driven solution, ERGO was able to increase and maintain automated compliance with CIS AWS Foundation Benchmark Standard to about 95%. The remaining findings were evaluated on case basis, per specific Project requirements. This measurable improvement in ERGO compliance posture was achieved with an end-to-end serverless workflow.

How teams of all sizes can gain access to world-class security in the cloud without a dedicated security person in their organization.

AWS Config now supports ECS, ECR, and EKS in all AWS Regions. With this launch, you can now use AWS Config to monitor configuration data for container-based resources in your AWS account, such as monitoring configuration changes to EKS cluster settings and tracking compliance for cluster configurations.

Google Cloud's hierarchical firewall policies provide new, flexible levels of control so that you can benefit from centralized control at the organization and folder level, while safely delegating more granular control within a project to the project owner.

Now both logs and metrics are available directly from the GKE Cluster pages. Logs on the details pages are all automatically scoped to the Kubernetes resource to help surface relevant logs quickly.

Google introduced their Trusted Cloud requirements: a secure platform that delivers transparency and enables sovereignty, a proven zero-trust architecture, and a shared fate, not shared responsibility.

Many people think of Cloud Run just as a way of hosting websites. Cloud Run is great at that, but there's so much more you can do with it. Here we'll explore how you can use Cloud Run and BigQuery together to create an inventory management system.

Azure Arc enabled Kubernetes enables you to attach any CNCF-conformant Kubernetes cluster to Azure for management. Your clusters can run anywhere, and if they have connectivity to Azure, onboarding is as easy as deploying the Azure Arc cluster agents using the Azure CLI extension.

Learn about the latest innovations in the Azure Sentinel cloud SIEM solution at Microsoft Ignite 2021. Respond to threats more quickly with cloud SIEM + XDR, enhanced security automation, Jupyter Notebooks and more.