#kubernetes, #monitor

Really interesting walkthrough on how to use Falco to monitor the network traffic of your Pods.

#opa, #build

How to set up Open Policy Agent/Gatekeeper as your Kubernetes admission webhook to enforce policies on your Kubernetes cluster.

#opa, #kubernetes, #build

You can hook up Kuma to OPA, so that then whenever an external request comes in, Kuma will send the agent an authorization query that says, "Hey, is this API call authorized or not?". OPA returns that authorization decision and Kuma is responsible for enforcing it.

#ci/cd, #build

How to leverage GitOps to continuously enforce cloud security guardrails as infrastructure is developed, delivered, and deployed.

#docker, #opa, #build

Post teaching best practices to write Dockerfiles using BuildKit features and linters, as well as leveraging OPA to write custom policies.

#aws, #attack

Interesting writeup for the HackerOne CTF organised together with AWS.

#aws, #attack

A list of IAM permissions that gate calls that could be potentially expensive or result in a long-term commitment.

#kubernetes, #explain

How to alter etcd-stored values without using any common Kubernetes tooling like its native CLI utilities or even API.

#kubernetes, #explain

Much like implementing observability within microservice systems, you often don't realize that you need human service discovery until it's too late. Don't wait until something is on fire in production to start wishing you had implemented better metrics and also documented how to get in touch with the part of your organization that looks after it.

#kubernetes, #explain

Kubernetes announced the Gateway API to standardise underlying route matching, traffic management, and service exposure.

Terraform module which automates the setup of roles and users needed to perform a security audit of AWS accounts in an Hub and Spoke model. The concepts behind it are detailed in Cross Account Auditing in AWS and GCP.

Kube-burner is a tool aimed at stressing Kubernetes clusters by creating or deleting a high quantity of objects. You can also refer to the companion blog post.

Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure alongside Azure AD and Azure Domain Services.

Find license compliance and security issues in your applications with FOSSA in Github Actions, using FOSSA CLI V2.

Censors or hides shell / Bash / console output based on defined patterns - great for hiding secrets in demos.

Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster.

A collection of resources and utils helpful when building applications for Kubernetes

IAM is increasing visibility into access history by extending last accessed information to EC2, IAM, and Lambda management actions. This makes it easier for you to analyze access and reduce EC2, IAM, and Lambda permissions by providing the latest timestamp when an IAM user or role accessed an action.

Architecture principles for a migration approach from a Full Stack on-premises SWIFT infrastructure to AWS.

AWS Secrets Manager now enables you to securely retrieve secrets from AWS Secrets Manager for use in EKS pods.

A new whitepaper explains how security teams that want to hold their own keys can use Google Cloud External Key Manager to do so.

Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.

A deeper look at the storage infrastructure behind your VMs, specifically the Colossus file system, and how it helps enable massive scalability and data durability for Google services as well as your applications.

How to configure single sign-on between Azure Active Directory and AWS Single-Account Access.

How to make CrowdSec and Docker Compose work together to protect applications exposed in containers.