SweetOps #security for February, 2022

Archive: https://archive.sweetops.com/security/

2022-02-15

Bart Coddens

09:41:14 AM

hi all, I need some general best practice

Bart Coddens

09:41:29 AM

when I check cloudformation / terraform config for a s3 bucket

Bart Coddens

09:41:32 AM

I see this:

Bart Coddens

09:41:53 AM

Check: CKV_AWS_18: “Ensure the S3 bucket has access logging enabled” FAILED for resource: AWS::Bucket.S3Bucket and Check: CKV_AWS_21: “Ensure the S3 bucket has versioning enabled” FAILED for resource: AWS::Bucket.S3Bucket

Bart Coddens

09:42:02 AM

Both are valid remarks

Bart Coddens

09:42:21 AM

but I want some best practice when to enable them because both incur costs

Erik Osterman (Cloud Posse)

07:18:48 PM

That’s largely a business decision, frequently driven by compliance requirements

2022-02-16

2022-02-22

Or Azarzar

04:09:19 PM

Hi All Our Managed Kubernetes Clusters: Avoiding risky defaults, K8s threat modeling and securing EKS clusters webinar starts in less than an hour, still time to register

https://bit.ly/3LRJWwt

Welcome! You are invited to join a webinar: Managed Kubernetes Clusters: Avoiding risky defaults, K8s threat modeling and securing EKS clusters. After registering, you will receive a confirmation email about joining the webinar. attachment image

Learn how to navigate the creating of a secure by default K8s cluster, avoid risky default settings and permissions, and listen to some live threat modeling of security EKS clusters. Join Lightspin CISO Jonathan Rau and Director of Security Research Gafnit Amiga to discuss hot topics and tips for leveling up your Kubernetes security knowledge. Questions and topics covered include: - Avoiding risky default settings in your Kubernetes clusters - Creating a secure by default Kubernetes cluster - Unique supply chain risks for Kubernetes Bring your questions and notepads to this live webinar!