Cloud Security

Recap to security, identity, and compliance sessions at AWS re:Invent 2022 | AWS Security Blog

Security state of the Azure DevOps Marketplace

AWS re:Invent 2022 - Context is everything: CNAPP revolution to secure AWS deployments (PRT254) - YouTube

Three key security themes from AWS re:Invent 2022 | AWS Security Blog
The anatomy of ransomware event targeting data residing in Amazon S3 | AWS Security Blog
Updated whitepaper available: AWS Security Incident Response Guide | AWS Security Blog

Cedar: A new policy language – One Cloud Please

Detecting Anomalous AWS Sessions From Temporary Credentials - 1 of 2

Blog | SES-pionage
Responding to an attack in AWS. A case study — Part 1 | by Invictus Incident Response | Jan, 2023 | AWS Tip

PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources

Recap of AWS re:Invent 2022: An Honest Review | Resmo
‘Go get your swag!’: Five days living large at a giant Vegas tech-fest | The Spinoff
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass | Datadog Security Labs

A Faster Horse – tecosystems

Penetrating the Cloud: Uncovering Unknown Vulns - YouTube

Elastic IP Hijacking — A New Attack Vector in AWS

Blog | Cloud Cred Harvesting Campaign - Grinch Edition

Crimes against cloud: an investigation - by Forrest Brazeal

The Many Ways to Access RDS

Microsoft Azure’s defense in depth approach to cloud vulnerabilities | Azure Blog and Updates | Microsoft Azure
A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins | Datadog Security Labs

Compromised Cloud Compute Credentials: Case Studies From the Wild

Considerations for security operations in the cloud | AWS Security Blog
Three recurring Security Hub usage patterns and how to deploy them | AWS Security Blog

Noovolari/awesome-cloudops: A curated list of tools and best practices for CloudOps

Abusing Misconfigured ECR Resource Policies - Hacking The Cloud

Automated Cleanup of Unused Google Cloud Projects | Google Cloud Blog
Establishing a data perimeter on AWS: Allow only trusted identities to access company data | AWS Security Blog


Cloud Security Table Top Exercises | by Matt Fuller | Level Up Coding
part 1: “Open To The Public” CTF walkthrough | by Pawel Rzepa | Nov, 2022 | InfoSec Write-ups


Finding the “minimum permissions” for an IAM policy can feel like playing a game of Whac-A-Mole. Our latest blog post discusses best practices for defining least privilege IAM policies so you can avoid the back-and-forth.

How to use trust policies with IAM roles | AWS Security Blog

Source & Binary / You should have lots of AWS accounts TODO

Guide to AWS Lambda Function URLs — Cloudash Blog

Simplifying serverless permissions with AWS SAM Connectors | AWS Compute Blog

AWS Secrets Manager and the principle of least-privilege

AWS CloudTrail — The Good, the Bad, and the Ugly | by Seshu Pasam | Ariksa | Medium

Seshu Pasam on Twitter: “Many #CSPM and #CIEM use-cases rely on #AWS #CloudTrail. Lets check how good it is! AWS CloudTrail — The Good, the Bad, and the Ugly: #IAM” / Twitter

The importance of a mentor in your cloud learning journey | AWS Training and Certification Blog


I like what AWS has done with its IAM Roles Anywhere release; as a refresher, it lets you get an IAM role anywhere you have a certificate signed by your designated certificate authority. That said, this stuff is finicky to get right–so AWS has launched its rolesanywhere-credential-helper, a reference implementation that’ll help you get your own implementation dialed in.

26 AWS Security Best Practices to Adopt in Production - DEV Community 👩‍💻👨‍💻

26 AWS Security Best Practices to Adopt in Production – Sysdig

Securely Using External ID for Accessing AWS Accounts Owned by Others

Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground | The Daily Swig

Aidan W Steele on Twitter: “I regret to inform that I am extremely back on my bullshit. I’ve been thinking about connectivity in unusual places. And I got to thinking: can I establish bidirectional connectivity over the Internet between two EC2 instances in private subnets without a third-party relay?” / Twitter

Comparison of AWS Compute Options in 2022 – keep moving

AWS Secrets Manager GitHub Action · Actions · GitHub Marketplace

Securing a new AWS account - Starting with Trusted Advisor - DEV Community 👩‍💻👨‍💻

Protect Sensitive Data with Amazon CloudWatch Logs | AWS News Blog

AWS Ramp-Up Guide: Security

iann0036/tree-view-cfn: Force CloudFormation to generate a tree view for any stack

How to detect root hackers on AWS and prevent the launching of unauthorized EC2 instances | by David Rampil | Medium

Audit Considerations - CloudSecDocs

AWS IAM (Identity and Access Management) Cheat-sheet/Wrap-up

How to let builders create IAM resources while improving security and agility for your organization | AWS Security Blog

The Complete Guide to AWS KMS

Security Nuances of the AWS Metadata Service in Container Workloads | by David Levitsky | Simply CloudSec | Medium

Simple Route53/Cloudfront/S3 Subdomain Takeover - Hacking The Cloud

awslabs/terraform-iam-policy-validator: A command line tool that validates AWS IAM Policies in a Terraform template against AWS IAM best practices

A comprehensive cloud security approach for state and local governments | Google Cloud Blog

AWS IAM Interview Questions - k9 Security

How to move towards continuous compliance while avoiding misconfigurations | Google Cloud Blog
Identity Guide – Preventive controls with AWS Identity – SCPs | AWS Cloud Operations & Migrations Blog
Insecure Deserialization in AWS Lambda: What is the Vulnerability and How to Avoid It? | Contrast Security - Security Boulevard

Identifying publicly accessible resources with Amazon VPC Network Access Analyzer

Building security guardrails for developers with Google Cloud | Google Cloud Blog
Building AWS Lambda governance and guardrails | AWS Compute Blog

Guide to AWS Lambda Function URLs

Reusing Connections with Keep-Alive in Node.js - AWS SDK for JavaScript

Cost Optimisation In The Cloud – Practical Design Steps For Architects and Developers – Part 1 – Baldacchino Automation

Introducing Virtual Machine Threat Detection to block critical threats | Google Cloud Blog

Trivy: Enhanced with AWS scan integration

GuardDuty - the Good, the Bad and the Ugly - Chandrapal Badshah

Update of AWS Security Reference Architecture is now available | AWS Security Blog
Get more out of service control policies in a multi-account environment | AWS Security Blog

An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane

A Review of the AWS Security Model - Nick Jones

Securing AWS Lambda function URLs | Wiz Blog

AWS Account Setup and Root User :: AWS Well-Architected Labs

Security Considerations For Hosting Domain Controllers In Cloud | Personal notes on Cybersecurity and Cloud

State of the Cloud 2022 · Bessemer Venture Partners

IAM Vulnerable - Assessing the AWS Assessment Tools | Bishop Fox TODO

Cloud Permissions

A quick overview of AWS principals, identity-based policies, and resource-based policies

Implement IAM Permission Boundaries with AWS SSO using Terraform - Chris McKinnel

AWS IAM Security Best Practices

Data Perimeter Workshop

IAM policy types: How and when to use them | AWS Security Blog

AWS account root user credentials and IAM user credentials - AWS General Reference

google/k8s-digester: Add digests to container and init container images in Kubernetes pod and pod template specs. Use either as a mutating admission webhook, or as a client-side KRM function with kpt or kustomize.

Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud Native Threat Landscape | Business Wire

  • ThreatGraph, a powerful new feature that uses runtime context like network flows to prioritize threat scan results and enables organizations to narrow down attack path alerts from thousands to a handful of the most meaningful (and threatening)
  • Agentless cloud security posture management (CSPM) of cloud assets mapped to various compliance controls like CIS, HIPAA, GDPR, SOC 2, and more
  • YaraHunter, the industry’s first open source malware scanner for cloud native environments

Should AWS really be the default go-to option?

Research Partnership explores Cloud Analytics | by Ingrid Skoog | MITRE-Engenuity | Jul, 2022 | Medium
Announcing Cloud Analytics, Google’s latest partnership with MITRE | Google Cloud Blog. Also thinking about finding the right partner :)

Protecting GCP Services with VPC Service Controls and Terraform | by Ryan Canty | ScaleSec

Zack Kanter on Twitter: “Google Cloud will never be profitable. It is borderline impossible for a company whose core product is high margin to build cost discipline in a low-margin secondary product. AWS’s biggest advantage is being borne from (and run like) a low margin core business.” / Twitter

Cloud Security Wiki

Protect Your Data from Ransomware with S3 Object Lock TODO

Cloud Security interviews from BSidesSF

Serverless is a State of Mind. The point is focus — that is the why of… | by Ben Kehoe | Medium

Speeding Up AWS IAM Least Privileges with Cloudsplaining, Elastic Stack, & AWS Access Analyzer - YouTube

How to think about threat detection in the cloud | Google Cloud Blog

Secure SSH on EC2: What are the real threats? – Sysdig

glassechidna/trackiam: A project to collate IAM actions, AWS APIs and managed policies from various public sources.

Announcing MITRE ATT&CK mappings for Google Cloud security capabilities | Google Cloud Blog

CloudGoat Scenario: Avoiding AWS Security Detection and Response

Granted, Common Fate, and AWS Functionality with Chris Norman - Last Week in AWS Podcast

Use templated answers to perform Well-Architected reviews at scale | AWS Architecture Blog
Google Cloud Security Overview | Google Cloud Blog

Noovolari/leapp: Leapp is the DevTool to access your cloud

I’m the maintainer of an open-source Desktop App and CLI that works in a similar way, it manages OKTA as identity provider in order to generate short lived credentials and rotate them locally!

Threat Alert: New Attack Vector Targeting Your Cloud Environment

Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed

Infrastructure-as-code templates are the source of many cloud infrastructure weaknesses

tektoncd/pipeline: A K8s-native Pipeline resource.

  • Catalog of shared Tasks and Pipelines.