This week's articles
Four steps for hardening Amazon EKS security
#aws, #defend, #kubernetes
Best practices for hardening AWS EKS clusters, including the importance of dedicated continuous delivery IAM roles, multi-account architecture for cluster isolation, and how to encrypt secrets in the control plane.
Bye bye bastion hosts...Hello AWS IAM!
#aws, #defend
How Segment got rid of SSH bastion hosts, reducing the cost, complexity, and maintenance of their infrastructure, as well as eliminating the need to distribute SSH keys. Last but not least, they reduced their attack surface by not having any SSH port open to the world.
Kubernetes monitoring with Prometheus, the ultimate guide
#kubernetes, #monitor
How to implement Kubernetes monitoring with Prometheus, by learning how to deploy a Prometheus server and metrics exporters, set up kube-state-metrics, pull and collect those metrics, and configure alerts with Alertmanager and dashboards with Grafana.
Azure Flow Log Analysis
#azure, #monitor
Azure flow logs don't have the same instance ID that AWS flow logs do. So how do you figure out which VM the logs came from?
What Is Workload Security? On-Premises, Cloud, Kubernetes, and More
#explain, #kubernetes
Different workloads have different characteristics, and the best platform for a particular workload to run on depends on the nature of the specific workload. Workloads and their layers of abstraction need to be addressed independently since the workflow of their users will vary between use cases.
Tools
mizu
A simple-yet-powerful API traffic viewer for Kubernetes to help you troubleshoot and debug your microservices. Think TCPDump and Chrome Dev Tools combined.
rbac-manager
A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.
domain-protect-gcp
Scans Google Cloud DNS across a GCP Organization for domain records vulnerable to takeover.
trackiam
A project to collate IAM actions, AWS APIs and managed policies from various public sources.
From the cloud providers
Modernizing SOC ... Introducing Autonomic Security Operations
Google announced Autonomic Security Operations, a stack of products, integrations, blueprints, technical content, and an accelerator program to enable customers to take advantage of Google's technology stack built on Chronicle and Google's deep security operations expertise.
Azure Active Directory security operations guide
Microsoft has published an Azure AD security operations guide. It covers identity security configurations and their monitoring (including user/privileged accounts, apps, devices, infrastructure).
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco