Release Date: 04/07/2021 | Issue: 94
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

🤔 Know someone who needs help with mapping their attack surface? 📡
Then you may want to send them this webinar! Understanding the extent of your attack surface is top of mind for many defenders today. How do you do this in a way that can match the pace of the bad actors out there? Detectify and Cybelangel dive into this topic that goes into some research and use cases to present options on how to tackle this going forward.
View the webinar on demand on Brighttalk

This week's articles

How we prevented subdomain takeovers and saved $000s   #aws, #defend
How the OVO team developed Domain Protect, an open source tool for automated scanning of cloud infrastructure for subdomains vulnerable to takeover.

The Gamer Guide to Playing Amazon Web Services (AWS)   #aws, #explain
This is such a nice article, sharing a getting started guide for AWS, in a similar style to the getting started guides that many experienced MMORPG players write for new players.

Onboarding Applications to Vault Using Terraform: A Practical Guide   #vault, #explain
How to build an automated HashiCorp Vault onboarding system with Terraform using sensible naming standards, ACL policy templates, pre-created application entities, and workflows driven by VCS and CI/CD.

Seeding HashiCorp Vault With Terraform at Form3   #vault, #terraform, #explain
Talk explaining how the Form3 team created a repeatable process to automate the setup of Vault using Terraform.

Detect Malicious Behaviour on Kubernetes API Server through Audit Logs   #kubernetes, #falco, #monitor
How to use Kubernetes Audit Logs as an event source that Falco can consume. You can also refer to the companion repo.

Best practices for securing Identity and Access Management on AWS   #aws, #defend, #iac
Post looking at different approaches to help keep IAM configuration tidy, auditable and right-sized.

Uncomplicate Security for developers using Reference Architectures   #aws, #build
Walk through some of the salient features of a meaningful security reference architecture and the process required to develop one.

Getting Started with ArgoCD on Kubernetes   #kubernetes, #build
Guide explaining how to install, configure, and run ArgoCD in Kubernetes.

Google Compute Engine (GCE) VM takeover via DHCP flood   #gcp, #attack
An advisory about an unpatched vulnerability affecting virtual machines in GCP. Attackers could take over virtual machines over the network due to weak random numbers used by the ISC DHCP software, and an unfortunate combination of additional factors.

Azure Persistence with Desired State Configurations   #azure, #attack
How the Desired State Configuration (DSC) VM extension can be abused by anyone with the Contributor role in an Azure subscription to run arbitrary commands, with built-in functionality for recurring commands and persistence.

Integrating Jira and Security Scorecard with AWS Step Functions   #aws, #build
A reference design using step functions to integrate Jira with Security Scorecard.


Automation first no-code platform designed and developed for Security Orchestration and Response.

Cloud-native AuthN/AuthZ enforcer to protect your APIs.

Distribution is the open source code that is the basis of the container registry that is part of Docker Hub, and also many other container registries. It has been recently donated to the CNCF.

Pixie gives you instant visibility by giving access to metrics, events, traces and logs without changing code.

From the cloud providers

AWS Icon  AWS Security Reference Architecture: A guide to designing with AWS security services
AWS announced the publication of the AWS Security Reference Architecture (AWS SRA). This is a comprehensive set of examples, guides, and design considerations that you can use to deploy the full complement of AWS security services in a multi-account environment that you manage through AWS Organizations.

AWS Icon  How Banks Can Use AWS to Meet Compliance
Post outlining a mechanism that facilitates a healthy, data-driven dialogue between banks and regulators to better achieve compliance objectives.

AWS Icon  IAM Access Analyzer adds new policy checks to help validate conditions during IAM policy authoring
IAM Access Analyzer extended policy validation by adding new policy checks that validate conditions included in IAM policies. These checks analyze the condition block in your policy statement and report security warnings, errors, and suggestions along with actionable recommendations.

AWS Icon  AWS Lambda now supports SASL/PLAIN authentication for functions triggered from self-managed Apache Kafka
AWS Lambda functions that are triggered from self-managed Apache Kafka topics can now access usernames and passwords secured by AWS Secrets Manager using SASL/PLAIN.

GCP Icon  Analyze secrets with Cloud Asset Inventory
How to leverage Cloud Asset Inventory to analyze Secret Manager resources.

GCP Icon  Copying log entries
How to manually copy log entries that are already stored in Cloud Logging buckets to Cloud Storage buckets.

GCP Icon  Integrating Cloud DNS with GKE
Google announced the release of container-native Cloud DNS, the native integration of Cloud DNS with GKE to provide in-cluster Service and Pod DNS resolution.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.