How I use AWS Security Hub
AWS Security Hub provides a centralized and org-wide overview of how well you are doing in terms of security. Security Hub follows two strategies to collect the needed information: First, Security Hub runs checks based on security standards. Second, Sec...
Managing application secrets: SSM Parameter Store vs. Secrets Manager
Many applications interact with external or internal systems like databases or REST APIs. When your application talks to another system, it usually authenticates with a secret, e.g., an API key, username + password, or a certificate. This leads to the q...
DNSSEC with Route 53: Protecting the core of the Internet
The Internet relies on DNS. This makes it all the more important to do everything possible to protect the global DNS infrastructure from attacks. Andreas explains how DNSSEC protects from DNS spoofing. During the demo you will learn how to enable DNSSEC...
A Deep Dive into AWS CloudTrail
Who made changes to sensitive parts of your cloud infrastructure? Capture audit logs with AWS CloudTrail. Learn how to analyze the audit logs with the help of CloudWatch Logs Insights or Athena. On top of that, we discuss how to roll out CloudTrail to al...
Does your VPC endpoint allow access to half of the Internet?
Are you using VPC endpoints to enable private connections between your VPC and AWS services? Drop everything and check the policy attached to your VPC Endpoint for S3. You might have allowed access to half of the Internet - assuming that half of the Int...
Debugging a VPC: Security Groups, Network ACLs, and Routing Tables
Configuring a VPC (Virtual Private Cloud) and firewalls (Security Groups and Network ACLs) is tricky. What to do when you cannot find the cause for a connection refused or connection timed out error when connecting to an EC2 instance, RDS database insta...
Transition to IMDSv2 on EC2 - Introduction, Preparation, Pitfalls
IMDSv2 can improve EC2 security. For a couple of weeks now, AWS Foundational Security Best Practices has recommended that EC2 instances use IMDSv2 (control EC2.8). This video explains why IMDSv2 is useful and what attacks it protects you against, including a li...
Have you replaced IAM Users with AWS SSO yet?
The most secure option to isolate workloads from each other is to use multiple AWS accounts. Many organizations use different AWS accounts for testing and production, for example. The more AWS accounts you use, the more complicated it gets to manage use...
AWS needs a bug bounty program
A few weeks ago, while evaluating an AWS service, I stumbled upon an issue with the way the AWS API evaluates IAM policies for a particular IAM action. I contacted aws-security@am...
Terraform, can you keep a secret?
Did you know that Terraform state can - and most likely does - contain sensitive data? A few examples of sensitive information stored in the Terraform state: Initial password for an RDS instance. Unencrypted value fetched from SSM parameter (SecureStri...