Tag security (Page 1)

Security Iceberg: AWS Security Hub the right way

This is a warning about AWS Security Hub. Organizations that use AWS Security Hub to monitor and mitigate risks pay too much attention to the visible part of the AWS security iceberg, namely the findings. These organizations tend to overlook or underest...

Application Authentication and Authorization on AWS

In this blog post, you will learn to implement authentication and authorization for your own HTTP(S)-based applications on AWS. Most applications offer some functionality only to authenticated clients. A client can be a human or a machine. Humans usuall...

How to create a security group allowing traffic from CloudFront only?

It is one of those problems for which there has been no satisfactory solution for years. How do you ensure that only CloudFront is granted access to an Elastic Load Balancer - CLB, ALB, or NLB? Without the ability to restrict incoming traffic, all of Cl...

Sanction Russia: Block traffic using CloudFront Geo Restriction

Russia attacked a sovereign state this week. Most states condemn the attack and impose sanctions. Among other things, sanctions are intended to mobilize the Russian population to rise up against their aristocrat Putin. As of today, cloudonaut is no long...

Enabling S3 Versioning is not a backup strategy

Here are three reasons why enabling S3 Versioning is not a backup strategy. Instead, you should consider AWS Backup for S3, which AWS released on February 18th, 2022. AWS Backup enables you to control and automate managing backups centrally. To do so, A...

AWS Security: Stephen Kuenzli and Andreas Wittig on IAM

Stephen Kuenzli and I lead several cloud migration projects. In this conversation, we shared our learnings focusing on AWS security and IAM (Identity and Access Management). The result is advice and inspiration that will help you in your daily work. Our...

EC2 Checklist: 7 things to do after launching an instance

Launching an EC2 instance takes minutes. Keeping your virtual machines secure and maintaining your VMs is more work. In this blog post, I share seven things to do after launching a Linux, Windows, or macOS instance: Configure remote access with SSM Ses...

The AWS Security Journey (2021)

A lot has happened in the area of security at AWS over the years. By now, AWS has released an exhaustive range of security services and the role of the security officer has changed significantly. This article looks back and forecasts where the journey w...

How I use AWS Security Hub

AWS Security Hub provides a centralized and org-wide overview of how well you are doing in terms of security. Security Hub follows two strategies to collect the needed information: First, Security Hub runs checks based on security standards. Second, Sec...

Managing application secrets: SSM Parameter Store vs. Secrets Manager

Many applications interact with external or internal systems like databases or REST APIs. When your application talks to another system, it usually authenticates with a secret, e.g., an API key, username + password, or a certificate. This leads to the q...
