Tools, strategies, and ideas to secure your AWS cloud environment.

8 Things to Look For Securely Introducing AWS Services Into Your Environment
Cloud Security Strategy Cesar Rodriguez

Every year after re:Invent, developers are excited about the new features and services AWS announced. They want to use the latest and greatest features, and they want to do it now. Everyone starts calling you to enable these services in their AWS accounts. Before you enable them, you need to make sure the minimum security and operations requirements are met. Here's how.

Securing Your Data Lake Using S3 Access Points
Access Control Cesar Rodriguez

IAM policies, access control lists, bucket policies, KMS policies: just when you thought S3 security couldn’t get any harder, AWS introduces a new way to manage access control for your buckets called “access points”. Released at re:Invent 2019, access points are the newest way of managing access to multi-tenant S3 buckets at scale, and they make it easier to implement fine-grained access control for each application accessing the S3 buckets.

Using Terrascan for Static Code Analysis of Your Infrastructure Code (part 2)
Infrastructure as Code Cesar Rodriguez

You followed my advice and configured Terrascan as a pre-commit hook to scan your Terraform code on your desktop before it is committed into your repository. Unfortunately, not all of your co-workers have it installed, and security issues have been committed to the repo. Luckily, Terrascan can be used in your CI/CD pipeline to test your code before security weaknesses are merged into your main branch. Here's how.

Using Terrascan for Static Code Analysis of Your Infrastructure Code (part 1)
Infrastructure as Code Cesar Rodriguez

You’ve been working hard on a project, trying to get it to production ASAP. You even spent nights and weekends working extra hard on Terraform code to provision your infrastructure. It’s Friday night and you’re ready to go home after a long week. Just when you’re about to leave, your security team calls you. One of your S3 buckets was made public. Here's how to scan your code and prevent this from happening.
