River Point Technology’s Post

Happy Sunday :) Just a 4 minute read to keep you up to date with the latest Cloud Security news, trend and releases. Issue 14 of the AWS Cloud Security weekly newsletter is out. Highlights include: - You can now enable AWS Systems Manager by default for all EC2 instances in an organization - AWS Security bulletin on CVE-2023-44487 - HTTP/2 Rapid Reset Attack - Announcement of the new AWS Cloud Institute and more..... #aws #newsletter #cloudsecurity https://lnkd.in/gkw-tpyv

Handing Auth in your cloud applications is an important component. Having proper security and permission levels is key to building secure applications. You can use tools in AWS like Cognito, OpenID Connect (OIDC) or others but you can also use a more simple SAML2 approach. There are a few vendors like Okta/Auth0 that offer tools like this but they are not very accessible for individuals or small orgs. Keycloak is a open source tool you can setup yourself to be a SAML2 Identity Provider (IdP). This blog from Jakub Wołynko shows hows to setup Keycloak in AWS using the Elastic Container Service (ECS) with Fargate compute and an Application Load Balancer. https://lnkd.in/eVvCp5hn

Now that’s a good blog post. I do wonder how much this costs and cdk probably isn’t as well known as terraform. But I love the idea of keycloak in ecs (I started looking at doing this with hashicorp vault, but… maybe I’ll look at that again with openbao or my python vault solution). Either way, I haven’t seen this written about before and it’s a cool idea (and I also like keycloak).

How can an empty S3 bucket drive you into bankruptcy? Imagine you create an empty private S3 bucket in AWS, in a region of your choice, and the next day your invoice exceeds $1,300. Surprising? Learn the story of an author who discovered how innocent configuration errors can lead to the generation of huge fees and unintended data leaks. This story is a cautionary tale and a valuable lesson about the security and costs associated with the AWS cloud.

Security in the cloud is a shared Responsibility. Making resources Isolated from the Internet and exposing only necessary Infrastructure is the key solution to the burning threat of Cloud Security. Here's an example how you can host your resources privately in the AWS and access it with a Bastion using SSH or AWS SSM. #aws #awscommunitybuilder

Want to know more about securing data sources and accessing them in cloud environments? 🔒 Explore the topic in the article written by our Levi9 colleague, Stefan Božović, Java Developer. His comprehensive text on Medium covers essential aspects like Private Service Connect, GKE Workload Identity, and managing private GKE clusters via a Bastion jump host. Stefan's guide on cloud infrastructure setup offers most up-to-date security insights - check them out in the full article! Link is here: https://lnkd.in/dXU5832z 🔗 #levi9 #levi9serbia #medium

The great thing about public cloud is the ease of use. The really bad thing about public cloud is ease of use. https://lnkd.in/gaWz4i5M

Azure Managed Instance for Apache Cassandra, a fully managed service, enables you to run Apache Cassandra workloads on Azure, freeing you from managing the infrastructure. https://lnkd.in/eZJQ2ygv

You may have seen notifications to rotate SSL/TLS certificates in Amazon RDS, Aurora, and DocumentDB before August 2024. The text discusses updating TLS certificates for Amazon DocumentDB clusters before AWS updates them starting in August 2024. #aws #awscloud #cloud #amazondocumentdb #intermediate200 #technicalhowto

This manual and multi-step process complicated the way users were granted access to Amazon EKS clusters. It prevented administrators from revoking cluster-admin [root-like] permissions from the principal that was used to create the cluster. The need to make calls to different APIs (AWS and Kubernetes) to manage access also increased the likelihood of misconfiguration. #AWS #AmazonWebServices #Cloud #CloudComputing #EKS #K8S #Containers #Kubernetes