Release Date: 21/03/2021 | Issue: 79
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

✨ All-in-one cloud security with Bridgecrew ✨
Bridgecrew delivers comprehensive security from commit to cloud. Powered by security-as-code, Bridgecrew gives you instant visibility into your cloud security posture and equips you with automated remediation. By embedding security earlier in the development lifecycle, we enable teams to secure their infrastructure without slowing them down. Start codifying your cloud security with Bridgecrew for free! βœ…

This week's articles

Security Logging in Cloud Environments - GCP   #gcp, #monitor
How to design a state of the art multi-account security logging platform in GCP. (Disclaimer: I did write this post).

Stealing arbitrary GitHub Actions secrets   #ci/cd, #attack
Super interesting writeup describing how it was possible to read anyone's GitHub Actions secrets, write to their repositories, and publish many of their packages.

Access GCP from AWS using Workload Identity Federation   #aws, #gcp, #explain
Workload Identity federation allows cloud users to access GCP resources from AWS without the need for service account keys.

Want secure access to (cloud) services from your Kubernetes-based app? GKE Workload Identity is the answer   #gcp, #k8s, #explain
An introduction to GKE Workload Identity, and why it seems like a terrific way to do the right thing.

ECS Fargate threat modeling   #aws, #defend
Fargate helps users offload more security responsibilities to AWS. However, user account security and application security remain crucial. Once an attacker has successfully compromised the Fargate container, it can be used as a base for lateral movement to gain more privileges or access sensitive information.

AWS Access Analyzer Policy Checks Explained   #aws, #explain
What problems AWS Access Analyzer policy checks identify and how to use them to develop secure, valid policies.

Hacking the Cloud   #aws, #azure, #gcp, #attack
Hacking the cloud is an encyclopedia of attacks/tactics/techniques that security professionals can use in offensive engagements.

Using Kubelet Client to Attack the Kubernetes Cluster   #k8s, #attack
Post reviewing different misconfigurations of kubelet which could eventually open avenues to the Kubernetes cluster, as well as several effective mitigation steps.

Best Practices for Monitoring Microsoft Azure Platform Logs   #azure, #monitor
Guide explaining the types and structure of Azure platform logs, alongside detailing key Azure platform logs to monitor.

Detecting MITRE ATT&CK: Privilege escalation with Falco   #k8s, #defend
Walk through of a few techniques that can be classified as MITRE privilege escalation, as well as of some examples of how an open-source tool like Falco can help you detect these container security attacks.

Type checking your Rego policies with JSON schema in OPA   #opa, #build
Article introducing a new feature that enhances OPA's ability to statically type check Rego code by taking into account schemas for input documents. This improves programmer productivity and helps Rego programmers catch errors earlier.

3-Tier Pod Security Proposal   #k8s, #build
A proposal to replace PodSecurityPolicy with a new built-in admission controller that enforces the Pod Security Standards.


Container Signing, Verification and Storage in an OCI registry. You can also check the companion blog post.

Jenkins pipeline shared library for automating deployments via GitOps.


Audit Kubernetes Clusters
Collection of tools useful when auditing a Kubernetes cluster and its RBAC policies.

Sponsor CloudSecList

If you want to get yourΒ productΒ or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
πŸ“¨ [email protected] πŸ“¨

From the cloud providers

AWS Icon  IAM Access Analyzer Update - Policy Validation
AWS added policy validation to IAM Access Analyzer, aimed to help construct IAM policies and SCPs that take advantage of time-tested AWS best practices. Validation takes place before policies are attached to IAM principals.

AWS Icon  Introducing Amazon S3 Object Lambda - Use Your Code to Process Data as It Is Being Retrieved from S3
AWS announced the availability of S3 Object Lambda, a new capability that allows you to add your own code to process data retrieved from S3 before returning it to an application.

AWS Icon  Using Amazon ECS Exec to access your containers on AWS Fargate and Amazon EC2
AWS announced the ability to "exec" into a container running inside a task deployed on either EC2 or Fargate. This new functionality, dubbed ECS Exec, allows users to either run an interactive shell or a single command against a container.

AWS Icon  Automatically block suspicious traffic with AWS Network Firewall and Amazon GuardDuty
How to use AWS Network Firewall to automatically respond to potential security events within your AWS environment that are detected by Amazon GuardDuty. The goal is to rapidly contain the impact of security events, while providing additional time for follow-up investigation.

AWS Icon  How to auto-remediate internet accessible ports with AWS Config and AWS System Manager
Real-life example on how to document and manage the desired or expected configuration of your AWS resources with tags, as well as how to use AWS Config to assess the compliance of your configuration against your organization's defined requirements by leveraging these tags.

GCP Icon  Transform data to secure it: Use Cloud DLP
Some data modification techniques that you can use to protect your data and the use cases for them.

GCP Icon  Exchange AWS Credentials for GCP Credentials using GCP STS Service
Sample procedure that will exchange a long term or short term AWS credential for a GCP credential.

Azure Icon  Monitoring the Software Supply Chain with Azure Sentinel
Blog looking at why it is important for organizations to monitor their software development, build, and release process to help secure their own internal software supply chains as well as the those of wider industry.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! πŸ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
Β© 2019-present, CloudSecList by Marco Lancini.