CloudSec Wine


All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Post archive
🔶How to detect suspicious activity in your AWS account by using private decoy resources AWS’s Maitreya Ranganath and Mark Keating describe how you can create low-cost private decoy AWS resources in your AWS accounts and configure them to generate alerts when they are accessed. https://aws.amazon.com/ru/blogs/security/how-to-detect-suspicious-activity-in-your-aws-account-by-using-private-decoy-resources #aws

Special issue of Monthly Cloud News devoted to information security in the cloud. In a conversation between Anton Chernousov, Alexey Mirtov and Evgeny Sidorov, we dive into the questions that trouble security specialists and developers running projects in the cloud. Topics of the August issue: 🔹 IT staff want to move to the cloud 🔹 Is a security specialist better off in the cloud? 🔹 We discuss the top information security risks in the cloud 🔹 Leaks of static credentials 🔹 DevSecOps as a symbiosis of useful development practices 🔹 Audit Trails and all the rest... 🔹 Raising development culture through security training. Register! #advertising

🔶How to setup geofencing and IP allow-list for Cognito user pool AWS announced a new feature this week that lets you enable WAF protection for Cognito user pools. And one of the things you can do with this is to implement geo-fencing and IP allow/deny lists. https://theburningmonk.com/2022/08/how-to-setup-geofencing-and-ip-allow-list-for-cognito-user-pool #aws

🔶Three Guardrails for AWS Lambda Three guardrails you can put in place around that Lambda code: code signing, function versions and aliases, and Amazon CodeGuru Reviewer. https://blog.symops.com/2022/08/17/lambda-guardrails #aws

🔴 GCP: Monitor IAM role assignments via Log Alerts in GCP How to create Log alerts in GCP to track specific IAM role assignments. https://medium.com/google-cloud/audit-iam-role-assignments-in-gcp-through-log-alerts-3bcdf3d7a504 #gcp

🔷Automating Insecurity In Azure Slides of the homonymous talk at @cloudvillage_dc (on Twitter). https://notpayloads.blob.core.windows.net/slides/DC-AzureAutomationAccounts.pdf #azure

🔶awslabs/assisted-log-enabler-for-aws Assisted Log Enabler for AWS is for customers who do not have logging turned on for various services, and lack knowledge of best practices and/or how to turn them on. https://github.com/awslabs/assisted-log-enabler-for-aws #aws

🔶Granted Approvals - an Open Source Permission Management Framework "We’ve designed Approvals so that it only has the ability to assign roles to existing users, rather than create new roles or new users. By design, the blast radius of Granted Approvals being compromised is that existing users in your directory could be granted access to roles, rather than external users being created. Better yet — Approvals is deployed as a serverless application which runs in your own AWS account, so Common Fate won’t have access to any data in your Granted Approvals deployment." https://commonfate.io/blog/granted-approvals-release #aws

🔶 How to manage Route53 hosted zones in a multi-account environment How to manage Route53 hosted zones in a multi-account environment so each account has full authority over its subdomain. https://theburningmonk.com/2021/05/how-to-manage-route53-hosted-zones-in-a-multi-account-environment #aws

🔶 AWS Account Setup and Root User A guide through the introductory steps to configure contacts for an AWS account & secure the root user. https://wellarchitectedlabs.com/security/100_labs/100_aws_account_and_root_user #aws

🔷🔴 The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others. https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities #azure #gcp

🔶🔷🔴 HashiCorp State of Cloud Strategy Survey Insights from HashiCorp’s 2022 State of Cloud Strategy Survey, commissioned by HashiCorp and conducted by Forrester Consulting. Forrester surveyed more than 1,000 technology practitioners and decision makers from around the world, drawn from random samplings as well as the HashiCorp opt-in contact database. Some stats that stuck out to us: 1️⃣ 81% of companies are or are planning to use multiple cloud providers 2️⃣ 86% have a centralized function or group responsible for cloud operations or strategy https://www.hashicorp.com/state-of-the-cloud #aws #azure #gcp

🔶 Setup GitHub Codespaces with AWS IAM Roles Anywhere Demonstration of how you could leverage IAM Roles Anywhere to authenticate your GitHub Codespaces. https://devopstar.com/2022/08/01/github-codespaces-and-iam-roles-anywhere #aws

🔶 Uncomplicate Security for developers using Reference Architectures Post walking through some of the salient features of a meaningful security reference architecture and the process required to develop one, as well as looking at the challenges that one might expect to face. https://anunay-bhatt.medium.com/embedding-security-into-sdlc-using-reference-architectures-for-developers-29403c00fb3d #aws

AWS Security.pdf (21.96 MB)

🔶 AWS Security by Dylan Shields An excellent book by Dylan Shields, a software engineer working on Quantum Computing at Amazon, describing that running your systems in the cloud doesn’t automatically make them secure. Learn the tools and new management approaches you need to create secure apps and infrastructure on AWS. #aws

🔶 Dependency confusion in AWS CodeArtifact At the time of the finding Code Artifact did not have any features to specify which packages were internal and therefore should not be pulled from public repositories. https://zego.engineering/dependency-confusion-in-aws-codeartifact-86b9ff68963d?gi=eb56bfabbd85 #aws

🔶 AWS glossary and fwd:cloudsec 2022 Hundreds of AWS product names and terms, described in a sentence or two, by Amazon. https://docs.aws.amazon.com/general/latest/gr/glos-chap.html Also a nice YouTube playlist is now live! Some excellent talks, as always. https://www.youtube.com/playlist?list=PLCPCP1pNWD7N2SPaz4cmuS27xutaf32jy #aws