Tools, strategies, and ideas to secure your AWS cloud environment.
AWS IAM Policy Types and How To Use Them
When developing your access control strategy for your cloud environment the goal should be to provide least privilege access while making it easy to audit access across your environment. With so many different options and ways that things could go wrong, it’s important to have a plan for how to organize your access control policies in AWS. Here is the model I use when deciding where to place a particular access control in AWS.
8 Things to Look For Securely Introducing AWS Services Into Your Environment
Every year after re:Invent, developers are excited with the announcements of new features/services that AWS released. They want to use the latest and greatest features and they want to do it now. Everyone starts calling you to enable these services in their AWS accounts. Before you enable these, you need to make sure the minimum sec/ops requirements are met. Here's how.
Securing Your Data Lake Using S3 Access Points
IAM policies, Access Control Lists, bucket policies, KMS policies, and just when you thought S3 security couldn’t get any harder AWS introduces a new way to manage access control for your buckets called “access points”. Released at re:Invent 2019, access points are the newest way of managing access to multi-tenant S3 buckets at scale and make it easier to implement fine-grained access control for each application accessing the S3 buckets.
Using Terrascan for Static Code Analysis of Your Infrastructure Code (part 2)
You followed my advice and you configured terrascan as a pre-commit hook to scan your terraform code on your desktop before being committed into your repository. Unfortunately, not all of your co-workers have it installed and security issues have been committed to the repo. Luckily, terrascan can be used in your CI/CD pipeline to test your code before security weaknesses are merged into your main branch. Here's how.