Steyn Huizinga

CTO AWS | AWS APN Ambassador | AWS Premier Consulting Partner

Improving IAM policies

2023-09-28 6 min read AWS

Security is a shared responsibility

As you might have read in my previous posts, the public cloud itself should be considered very secure. For major cloud providers such as AWS, security is key. Security incidents would destroy AWS’ business, so they are fully committed to preventing this from happening. Their almost unlimited access to security talent, extensive knowledge, years of experience, enormous budget, the benefit of building things from scratch, and so on are indicators that security is serious business. And looking at the reported incidents compared to the size and scope of their services, the picture is impressive. If you are wondering which incidents have been reported, see here. No doubt about security of the cloud.


Limiting access using geographic restrictions

2022-03-03 9 min read AWS

The world is on fire. We’re heading towards, or rather are already in, a humanitarian disaster in Ukraine. We’ve all seen the heartbreaking footage from the war. Thousands of homeless people fighting and fearing for their lives. I’ve written this blog to help. I do know that a large number of government websites are hosted on AWS.

The conflict between Ukraine and Russia is expanding with cyber warfare. There is fighting on the ground, but also online. Government websites are taken down, broadcasting companies are being hacked, etc. Everything is done to manipulate and disrupt communication technologies. Although most attacks will be sophisticated, there are some simple measures in AWS you can take to make it more difficult for attackers. It will not be 100% waterproof. Hackers often use Tor networks and command-and-control machines. But every bit helps.


Amazon Inspector 2 - What's new?

2022-01-03 6 min read AWS

Six years after the initial launch, AWS announced the new Amazon Inspector. The launch took place during re:Invent 2021. With this launch the previous version has been renamed to Amazon Inspector Classic. The new Amazon Inspector has been rearchitected to support a wider range of workloads and to simplify workflow management.

Scale with simplified management

The management of Inspector 2 has been simplified. Enabling and configuring the service can be done with a few API calls or, if you insist on manual labor, a few clicks in the console (ClickOps). To give an idea of what is needed to enable Inspector for both existing and new member accounts, the steps are listed below.


Data & Security in the cloud

2021-11-02 1 min read AWS

Martijn Doedens (Cloud Security Consultant at Oblivion) and Niels Zeilemaker (CTO at GoDataDriven) summarise the current state of secure data processing in the (AWS) cloud. We cover the specific services related to data and the services that are used to standardise a secure landing zone, the actual risks and threats that our customers face when processing big data on AWS, and which configurations (aka best practices) you should always implement.


Securing your secrets in the cloud

2021-11-02 1 min read AWS

Have you spotted access keys in code? Putting them directly in your code might not be a good idea. Maybe you saw that Kubernetes offers secrets for this. Have you found your Kubernetes secrets to be readable by everyone? So where do you put your secrets in a secure way? In this session we will look at various solutions, such as HashiCorp Vault, Kubernetes, and solutions offered by AWS.


First glance at AWS CloudFormation Guard 2.0

2021-05-18 3 min read AWS

Yesterday AWS CloudFormation Guard version 2.0 was introduced. Guard is an open source tool that can be used to validate CloudFormation templates against certain rules. You can use it for linting your templates on both syntax and semantics. Linting tools are essential in CI/CD pipelines and a powerful addition when it comes to validating structured and human-readable files such as JSON and YAML. In your delivery pipelines you would preferably run linting tests as early as possible (fail-fast), before proceeding to steps such as compile and deploy.
