This week's articles
Remote Workstations for the Discerning Artists
#aws, #build
Interesting post describing how Netflix provisions the so-called "Netflix Workstations", remote workstations that allow content creators to get to work wherever they are.
Helm 2nd Security Audit
#k8s, #defend
Helm has now completed a second security audit, funded by the CNCF. The first audit focused on the source code for the Helm client along with the process Helm uses to handle security. The second audit, performed by Trail of Bits, looked at the source code for the Helm client along with a threat model for the use of Helm.
Cloud Native Security Checklist
#k8s, #iac, #defend
Checklist from Palo Alto offering best practices that can help an organization develop a comprehensive cloud native security strategy.
Export GCP resources into Terraform
#gcp, #terraform, #iac
Did you create resources in GCP via gcloud or the console but want to turn them into Terraform? Now you can export the config with: "gcloud alpha resource-config bulk-export --resource-format=terraform".
Q1/Q2 2021 OPA Roadmap
#opa, #build
The Open Policy Agent roadmap has been updated. Delta bundles, persistent store, type checking, policy metadata and a new Go SDK are just a few of many planned improvements.
Tools
AzureAD-Attack-Defense
Collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.
policy-bot
A GitHub App that enforces approval policies on pull requests.
CloudSecDocs
AWS - Logging
A collection of resources discussing logging strategies in AWS.
From the cloud providers
AWS Security Hub adds 25 new controls to its Foundational Security Best Practices standard
AWS Security Hub has released 25 new controls for its Foundational Security Best Practices standard. These controls conduct fully automatic checks against security best practices for API Gateway, CloudFront, DynamoDB, EC2, EFS, ES, RDS, Redshift, SNS, ELB, and KMS.
A guide to data protection offerings in Google Cloud
Storage and backup administrators have a key role to play in cloud adoption, and Google Cloud has developed a number of data protection offerings to help administrators excel in their role and meet operational and compliance requirements.
Introducing Cloud Code Secret Manager Integration
Secret Manager is a Google Cloud service that provides a secure and convenient method for storing API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud. Integrating Cloud Code with Secret Manager brings the capabilities of both tools together. Cloud Code makes it easy to create and manage your secrets right from within your preferred IDE, whether that be VS Code, IntelliJ, or Cloud Shell Editor.
Testing Cloud SQL failover: Where to begin
Covers some of the key metrics to monitor when testing failover to optimize your application's performance, including the number of database connections, queries per second, CPU and memory utilization of the instance, read/write IOPS, and peak replication lag.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco