Release Date: 27/06/2021 | Issue: 93
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Teleport, an identity-aware access proxy, allows engineers and security professionals to implement industry best practices for SSH and Kubernetes access, meet compliance requirements, prevent data exfiltration, and have complete visibility into access and behavior.
Teleport is the access plane of choice among leading companies.
Learn more today at www.goteleport.com

This week's articles


Security Implications of AWS API Gateway Lambda Authorizers and IAM Wildcard Expansion
Post discussing one of the features of AWS API Gateway, called lambda authorizers, and how the official AWS documentation might have led developers into using it insecurely.   #aws   #attack


Automated Github Backups with ECS and S3
Architecture and implications of an automated process aiming to backup a Github account, relying on ECS Fargate and S3 Glacier. Disclaimer: I did write this post.   #aws   #build


Using Yor for ownership mapping using YAML tag groups
Yor can auto-tag infrastructure with metadata to categorize resources by purpose, owner, team, environment, and more.   #iac   #build


Expose Open Policy Agent/Gatekeeper Constraint Violations for Kubernetes Applications with Prometheus and Grafana
A solution which gives platform users a succinct view about which Gatekeeper constraints are violated by using Prometheus & Grafana.   #kubernetes   #opa


Tech Preview: Docker Dev Environments
With Dev Environments developers can now set up repeatable and reproducible development environments by keeping the environment details versioned in their Software Configuration Management along with their code.   #docker   #build   #announcement


Announcing the Google Workspace Provider for HashiCorp Terraform Tech Preview
A new Terraform provider which allows you to manage users, groups, and domains in your Google Workspace (formerly G Suite).   #terraform   #gsuite   #announcement


Reminder: v1beta1 versions going away in 1.22: CRD and AdmissionWebhookConfiguration
In Kubernetes 1.22, the BETA versions of the CustomResourceDefinition, MutatingWebhookConfiguration, and ValidatingWebhookConfiguration APIs will be removed.   #kubernetes   #announcement


EKS Unchained with eBPF and Bottlerocket
How to install Cilium with kube-proxy replacement in EKS with managed node groups using eksctl.   #aws   #kubernetes   #monitor


Hashcat in AWS EC2
Post covering some of the instance options in EC2, installation of the needed Linux packages, the basic setup of Hashcat, running Hashcat, and finally monitoring and benchmarks of an EC2 instance.   #aws   #attack


Announcing a unified vulnerability schema for open source
The Google Open Source Security team, Go team, and the broader open-source community have been developing a simple vulnerability interchange schema for describing vulnerabilities that's designed from the beginning for open-source ecosystems.   #announcement

Tools


restler-fuzzer
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.


K8sPurger
Hunt unused resources in Kubernetes.


saffire
A controller to override image sources in the event that an image cannot be pulled.


kubewatch
kubewatch is a Kubernetes watcher that publishes notifications to available collaboration hubs/notification channels. Run it in your k8s cluster, and you will get event notifications through webhooks.


turbolift
A tool to help apply changes across many GitHub repositories simultaneously.

From the cloud providers


#AWS   Customize requests and responses with AWS WAF
How to use AWS WAF's custom responses and request header insertion to improve the security posture of your applications.


#AWS   CloudHSM best practices to maximize performance and avoid common configuration pitfalls
Best practices to help you maximize the performance of your workload and avoid common configuration pitfalls in the following areas: Administration, Configuration, Managing PKI root keys, Performance, and Error handling.


#AWS   Create a portable root CA using AWS CloudHSM and ACM Private CA
How to use ACM Private CA with AWS CloudHSM to operate a hybrid public key infrastructure (PKI) in which the root CA is in CloudHSM, and the subordinate CAs are in ACM Private CA.


#GCP   A blueprint for secure infrastructure on Google Cloud | Google Cloud Blog
The security foundations blueprint identifies core security decisions and guides you with opinionated best practices for deploying a secured Google Cloud environment.


#GCP   Best practices to protect your organization against ransomware threats
Post sharing guidance on how organizations can increase their resilience to ransomware and how some Cloud products and services can help.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini