Release Date: 11/11/2019 | Issue: 11
"The Cloud Security Reading List" is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


Helm Security Audit Results
As part of the graduation criteria for CNCF projects, Helm 3 has successfully completed its security audit, available in the Helm community repo. In summary, there was only one noteworthy finding and it did not lead to an exploit.


Multi-Account Log Aggregation in AWS for Observability and Operations
Two-part series that reviews the basic concepts and discusses different ways of aggregating logs from AWS. Part 1 focuses on forwarding logs to a centralised account, whereas Part 2 covers the actual implementation steps.
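One check worth running on a centralised setup is whether the central account's CloudWatch Logs destination policy really only admits the source accounts you expect. The script below is an added example, not code from the newsletter or from the linked series; it assumes the common pattern in which source accounts are granted `logs:PutSubscriptionFilter` on a destination in the central account, and the account IDs, region and destination name are made up.

```python
"""Audit a CloudWatch Logs destination access policy for over-broad grants.

A destination policy that allows `"Principal": {"AWS": "*"}` lets any AWS
account subscribe its log groups to your central pipeline, i.e. push arbitrary
data into it. The audit flags wildcard or unexpected principals and actions.
"""
import json

# Constructed sample: destination policy in the central account (222222222222)
# that lets ANY AWS account create a subscription filter pointing at it.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "logs:PutSubscriptionFilter",
        "Resource": "arn:aws:logs:eu-west-1:222222222222:destination:central-logs",
    }],
})

# Constructed sample: the same destination, scoped to two known source accounts
# (both the bare account ID and the :root ARN forms are accepted by IAM).
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ["111111111111", "arn:aws:iam::333333333333:root"]},
        "Action": "logs:PutSubscriptionFilter",
        "Resource": "arn:aws:logs:eu-west-1:222222222222:destination:central-logs",
    }],
})

# The only action a source account needs on the destination.
EXPECTED_ACTIONS = {"logs:PutSubscriptionFilter"}


def _as_list(value):
    """IAM allows a string or a list in most policy fields; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def _account_of(principal):
    """'111111111111' or 'arn:aws:iam::111111111111:root' -> '111111111111'."""
    if principal.startswith("arn:aws:iam::"):
        return principal.split(":")[4]
    return principal


def audit_destination_policy(policy_json, expected_accounts):
    """Return a list of findings. An empty list means every Allow statement is
    limited to the expected source accounts and to the one needed action."""
    findings = []
    for n, statement in enumerate(json.loads(policy_json).get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue
        for action in _as_list(statement.get("Action")):
            if action not in EXPECTED_ACTIONS:
                findings.append(f"statement {n}: over-broad action {action!r}")
        principal = statement.get("Principal", {})
        if principal == "*":
            aws_principals = ["*"]
        elif isinstance(principal, dict):
            aws_principals = _as_list(principal.get("AWS"))
        else:
            aws_principals = []
        for p in aws_principals:
            if p == "*":
                findings.append(f"statement {n}: wildcard principal, any AWS account may subscribe")
            elif _account_of(p) not in expected_accounts:
                findings.append(f"statement {n}: unexpected source account {_account_of(p)}")
    return findings


if __name__ == "__main__":
    known = {"111111111111", "333333333333"}
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_destination_policy(policy, known) or ["ok"])
```

Run it against the output of `aws logs describe-destinations` (the `accessPolicy` field) rather than against hand-written samples, and keep the expected-accounts set in version control next to the destination definition so drift shows up in review.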


Designing Docker Hub Two-Factor Authentication
Docker Hub has finally got 2FA, which makes account takeover (and, with it, tampering with the images an account publishes) considerably harder.


Kubernetes kube-proxy iptables rules
Tim Hockin (@thockin) released a thorough flowchart describing how the kube-proxy iptables rules work.
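The flowchart is easier to follow with a concrete rule set in hand. The script below is an added example, not code from the newsletter or from kube-proxy: it walks the chains in the order the flowchart describes (KUBE-SERVICES, then the service's KUBE-SVC-* chain, then each KUBE-SEP-* chain's DNAT) and reports which endpoints a ClusterIP:port resolves to and what share of traffic each gets. The rules are constructed in the shape `iptables-save -t nat` prints for an iptables-mode kube-proxy; the chain hashes and IP addresses are made up.

```python
"""Resolve a ClusterIP:proto/port to backend endpoints from kube-proxy rules.

kube-proxy spreads traffic across endpoints with `-m statistic --mode random
--probability p` on all but the last rule of a KUBE-SVC-* chain; the last rule
has no probability and catches whatever fell through. The share computed here
follows that evaluation order exactly.
"""
import shlex

# Constructed sample of `iptables-save -t nat` output (hashes and IPs made up).
SAMPLE_RULES = """\
-A KUBE-SERVICES -d 10.96.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES -d 10.96.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-4EW4ATBOXW6MLS7Y
-A KUBE-SVC-ERIFXISQEP7F7OF4 -j KUBE-SEP-QLSTFVJOX3B2XEQV
-A KUBE-SEP-4EW4ATBOXW6MLS7Y -s 10.244.0.2/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-4EW4ATBOXW6MLS7Y -p tcp -m tcp -j DNAT --to-destination 10.244.0.2:53
-A KUBE-SEP-QLSTFVJOX3B2XEQV -s 10.244.1.3/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-QLSTFVJOX3B2XEQV -p tcp -m tcp -j DNAT --to-destination 10.244.1.3:53
-A KUBE-SVC-TCOU7JCQXEZGVUNU -j KUBE-SEP-ABCDEFGHIJKLMNOP
-A KUBE-SEP-ABCDEFGHIJKLMNOP -s 10.244.0.2/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-ABCDEFGHIJKLMNOP -p udp -m udp -j DNAT --to-destination 10.244.0.2:53
"""

# The only options the walk needs; everything else (-m, --comment, --mode) is skipped.
OPTS = {"-d", "-s", "-p", "-j", "--dport", "--probability", "--to-destination"}


def parse_rules(text):
    """Group `-A CHAIN ...` lines by chain, preserving rule order within a chain."""
    rules = {}
    for line in text.splitlines():
        toks = shlex.split(line)  # handles the quoted --comment value
        if len(toks) < 2 or toks[0] != "-A":
            continue
        rule, i = {}, 2
        while i < len(toks):
            if toks[i] in OPTS and i + 1 < len(toks):
                rule[toks[i]] = toks[i + 1]
                i += 2
            else:
                i += 1
        rules.setdefault(toks[1], []).append(rule)
    return rules


def resolve(rules, cluster_ip, proto, port):
    """Return [(endpoint, traffic_share), ...] for a ClusterIP:proto/port.

    An empty list means no KUBE-SERVICES rule matched (no such service, or the
    packet would continue to KUBE-NODEPORTS / the default policy instead)."""
    svc_chain = None
    for r in rules.get("KUBE-SERVICES", []):
        if (r.get("-d", "").split("/")[0] == cluster_ip
                and r.get("-p") == proto and r.get("--dport") == str(port)):
            svc_chain = r["-j"]
            break
    if svc_chain is None:
        return []

    endpoints, remaining = [], 1.0
    for r in rules.get(svc_chain, []):
        if remaining <= 0:
            break
        if "--probability" in r:
            share = remaining * float(r["--probability"])
        else:
            share = remaining  # terminal rule: takes everything that fell through
        remaining -= share
        # Inside the KUBE-SEP-* chain, KUBE-MARK-MASQ marks hairpin traffic for
        # SNAT; the DNAT rule is the one that rewrites the destination.
        for sep in rules.get(r.get("-j", ""), []):
            if sep.get("-j") == "DNAT":
                endpoints.append((sep["--to-destination"], round(share, 6)))
    return endpoints


if __name__ == "__main__":
    table = parse_rules(SAMPLE_RULES)
    print(resolve(table, "10.96.0.10", "tcp", 53))
    print(resolve(table, "10.96.0.10", "udp", 53))
```

On a real node, feed it `iptables-save -t nat` from the host namespace. When the shares do not add up to 1.0, or an endpoint appears that is not in `kubectl get endpoints`, the node's rules have diverged from the API server's view, which is exactly the kind of discrepancy the flowchart helps you reason about.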


"Kubernetes Patterns" Book
The full copy (all 266 pages) of "Kubernetes Patterns" e-book is available for free!


Amazon CloudWatch launches cross-account cross-region dashboards
Amazon CloudWatch now includes cross-account cross-region dashboards, which enable you to create high level operational dashboards, and with one click, drill down into more specific dashboards in different AWS accounts without having to log in and out of different accounts or switch AWS Regions. It is intended for centralized operations teams, DevOps engineers, and service owners who need to monitor, troubleshoot, and analyze applications running in multiple regions and accounts.


tracee - Container tracing using eBPF
The Aqua Security team released tracee, a lightweight, easy-to-use container tracing tool. Once launched, it starts collecting traces of newly created containers. The collected traces are mostly system calls performed by the processes running inside the containers, but other events, such as the capabilities required to perform the actions requested by the container, are also supported.


tough
I'm aware that, sadly, not many people are familiar with (or even aware of!) "The Update Framework" (TUF). That's why I'm happy to see that AWS has released Rust libraries and tools for using and generating TUF repositories.
Copyright © 2019 The Cloud Security Reading List, All rights reserved.