🔶 Automate monitoring for your Amazon EKS cluster using CloudWatch Container Insights
How to implement Amazon EKS monitoring and alerting using a custom solution that automates EKS observability capabilities for dynamic performance metrics.
https://aws.amazon.com/ru/blogs/infrastructure-and-automation/automate-monitoring-for-your-amazon-eks-cluster-using-cloudwatch-container-insights/
(Use VPN to open from Russia)
#aws
Options to identify, monitor and avoid persistent access on Managed Identities privileges by adding federated credentials on User-Assigned Managed Identities (UAMI) from malicious or unauthorized entities.
https://www.cloud-architekt.net/identify-prevent-abuse-uami-fedcreds/
#azure
🔴 Why You Should Disable Your Unauthenticated GKE Read-only Ports
Google recommends organizations proactively disable their unauthenticated GKE read-only port 10255. Read more about why this is important and how to ensure all read-only ports are disabled.
https://orca.security/resources/blog/disable-unauthenticated-read-ports-gke-kubelet-servers/
#gcp
🔶 Federated access to Amazon Athena using AWS IAM Identity Center
How to use the Athena JDBC driver to connect to Athena from third-party SQL client tools.
https://aws.amazon.com/ru/blogs/security/federated-access-to-amazon-athena-using-aws-iam-identity-center/
(Use VPN to open from Russia)
#aws
🔶 Tenant portability: Move tenants across tiers in a SaaS application
Key considerations include maintaining consistent identities, staying compliant, reducing downtime and automating the process.
https://aws.amazon.com/ru/blogs/architecture/tenant-portability-move-tenants-across-tiers-in-a-saas-application/
(Use VPN to open from Russia)
#aws
🔶 SaaS authentication: Identity management with Amazon Cognito user pools
Various ways Amazon Cognito user pools can enable multi-tenant identity for SaaS solutions.
https://aws.amazon.com/ru/blogs/security/saas-authentication-identity-management-with-amazon-cognito-user-pools/
(Use VPN to open from Russia)
#aws
🔶 Understanding AWS Networking: A Guide for Network Engineers
This article provides an overview of AWS networking concepts for network engineers, covering VPCs, subnets, route tables, Internet Gateways, NAT Gateways, and security groups.
https://www.robertdemeyer.com/post/understanding-aws-networking-a-guide-for-network-engineers
#aws
🔶 Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Preventing anonymous privilege escalation via misconfigured OIDC roles: defensive strategies and AWS's improvements.
https://hacktodef.com/addressed-aws-defaults-risks-oidc-terraform-and-anonymous-to-administratoraccess
#aws
🔶 Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
The impact of these vulnerabilities ranges from remote code execution (RCE) and full-service user takeover (which might provide powerful administrative access) to manipulation of AI modules, exposure of sensitive data, data exfiltration and denial of service.
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/
#aws
🔶 Emerging phishing campaign targeting AWS accounts
The Wiz research team detected a phishing campaign targeting AWS accounts using fake sign-in pages.
https://www.wiz.io/blog/emerging-phishing-campaign-targeting-aws-accounts
#aws
🔶 AWS IAM Privilege Escalation Leads to EC2 Ransomware Deployment
Post tracing a threat actor's steps through ransomware deployment, vertical (lateral) movement via AWS Systems Manager (SSM), and privilege escalation through IAM abuse.
https://medium.com/@adammesser_51095/cloud-digital-forensics-and-incident-response-aws-iam-privilege-escalation-leads-to-ec2-2d787a4e99a7
#aws
🔶 The Hunt for ALBeast: A Technical Walkthrough
A configuration-based vulnerability hidden within thousands of applications using the AWS ALB authentication feature.
https://www.miggo.io/resources/uncovering-auth-vulnerability-in-aws-alb-albeast
#aws
🔶 An AWS IAM Security Tooling Reference
A guide to tools for auditing AWS IAM.
https://ramimac.me/aws-iam-tools-2024
#aws
🔶 Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
An extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
#aws
A phishing toolkit that runs serverless on Azure, based on Azure Functions to phish some Entra ID credentials and cookies.
https://nicolasuter.medium.com/aitm-phishing-with-azure-functions-a1530b52df05
(Use VPN to open from Russia)
#azure
🔶 AWS IAM: A Comprehensive Guide Toward Least Privilege
Some AWS mechanisms we can use to achieve more robust permissions on AWS: Organizations, SCPs, IAM Access Analyzer, permission boundaries, and more.
https://cyscale.com/blog/aws-iam-least-privilege/
#aws
🔶 Exposing Security Observability Gaps in AWS Native Security Tooling
Post exploring the limitations and effectiveness of AWS IAM Access Analyzer in detecting publicly exposed resources across various AWS services.
https://www.securityrunners.io/post/exposing-security-observability-gaps-in-aws
#aws
🔶 Industrial IAM Service Role Creation
A guide to tools for creating AWS IAM service roles.
https://ramimac.me/iam-service-roles
#aws
🔶 My Methodology to AWS Detection Engineering (Part 1: Object Selection)
This article outlines a methodology for AWS detection engineering, focusing on understanding AWS services, identifying potential threats, and developing effective detection strategies using CloudTrail logs and other AWS-native tools.
https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection-engineering-part-1.html
#aws
🔶 My Methodology to AWS Detection Engineering (Part 2: Risk Assignment)
Post focusing on the key components that make up the risk assignment rule.
https://chesterlebron.blogspot.com/2024/08/my-methodology-to-aws-detection.html
#aws
🔴 Announcing Terraform Google Provider 6.0.0
Key changes in Terraform Google Provider 6.0.0, including opt-out default labels, deletion protection for resources, and longer name prefixes.
https://cloud.google.com/blog/products/management-tools/announcing-terraform-google-provider-6-0-0/
#gcp