Security

AWS Security Primer


I was preparing some AWS Security related training. Soon, I realized that this topic is too huge to fit into my brain. So I structured my thoughts in a mind map. Within a couple of minutes I came up with this: What is your first reaction? Mine was pr...

Improve Security (Groups) using VPC Flow Logs & AWS Config


As mentioned in the previous post Your AWS Account is a mess? Learn how to fix it!, most AWS accounts are a mess. This can be a serious risk, especially for security-related resources like Security Groups. In this post, we will describe a technique to m...

Complete AWS IAM Reference

Writing IAM policies is hard. Following the principle of least privilege is even harder. To write a secure IAM policy you need to know: What actions are needed? Are resource-level permissions supported and on what levels? Are conditions supported to restrict access? That’s a lot of stuff and the information is spread all across the AWS documentation. That’s why we created the Complete AWS IAM Reference. Example: For example, you want to allow the launch of new EC2 instances. First you need to find out w...

DevOps and Security #c9d9

What are some of the best practices for building security as an integral part of your tools and practices throughout your delivery pipeline? On Tuesday I participated in an online panel on the subject of DevOps and Security, as part of Continuous Discussions (#c9d9), a series of community panels about Agile, Continuous Delivery and DevOps. Watch a recording of the panel: Continuous Discussions is a community initiative by Electric Cloud, which powers Continuous Delivery at businesses like SpaceX, Cis...

DIY AWS Security Review

A regular security review of your AWS account can reveal security issues with little effort. There are some very easy things you can automatically check with the help of the AWS Command Line Interface that have a big impact. Limit network traffic from 0.0.0.0/0: Allowing traffic from the public internet is not bad by default. You usually want your website to be reachable from the public internet (0.0.0.0/0). But you should limit the entry points into your system to keep the attack surface small. With this ...

Antivirus for S3 Buckets


Many of our AWS consultancy clients ask me: “How can we make sure that the files that we store on S3 are virus free?” As always, our clients are looking for simple and cheap solutions. That’s why I developed S3 VirusScan. Every file that is added to a...

Event Driven Security Automation on AWS

If your developers create their own infrastructure in minutes, who cares about security? In some organizations the security teams become the new bottleneck if the company wants to deploy every commit to production, because manual reviews can’t be done for every commit. Teri Radichel’s paper Balancing Security and Innovation With Event Driven Automation shows how you can use AWS to tackle the security bottleneck problem. I will briefly summarize her work and encourage you to read the whole paper and have ...

5 AWS mistakes you should avoid


Since this year I have been working as an AWS Cloud Consultant, where I see a lot of small to medium sized AWS deployments. Most of them are typical web applications. I want to share with you the 5 most common mistakes that you had better avoid: managing infrastruc...

Improve AWS security: protect your keys with ease


As a DevOps engineer, I love to work with the AWS Command Line Interface (CLI) to control various AWS resources in a (half-)automated way. To be able to do so it is necessary to store access keys on my local machine. These access keys (access key ID an...

Monitor your AWS account to detect suspicious behavior in real time


You can track every change made to your AWS account with CloudTrail. Did you know that you can also monitor your AWS account in near real time with custom rules specific to your use case? By combining CloudTrail, S3, SNS, and Lambda, you can run a piece...
