Securing the Cloud #30

Explore cloud security trends, career tips, and learning resources in the 30th edition of "Securing the Cloud." Don't miss insights on GitOps, AWS EKS, and more!

Brandon Carroll
Amazon Employee
Published May 25, 2024
Welcome to the 30th edition of the Securing the Cloud Newsletter! In this issue, we dive into the latest trends and insights in cloud security, explore career development opportunities, and share valuable learning resources. Additionally, we feature insightful perspectives from our community members.

Technical Topic

  • How to Apply GitOps to Everything Using Amazon Elastic Kubernetes Service (Amazon EKS), Crossplane, and Flux | AWS Open Source Blog - This post provides a detailed walkthrough on using GitOps, Crossplane, and Flux to provision and manage cloud infrastructure and applications on Amazon Web Services (AWS). It explains how GitOps enables declarative management of cloud-native stacks, while Crossplane allows using Kubernetes APIs to provision and manage resources across different cloud providers. By following this tutorial, you'll gain practical experience in leveraging the power of GitOps, Crossplane, and Flux to streamline your cloud infrastructure and application deployments on AWS. You'll learn how to version your desired state in Git, automate deployments, and consistently manage resources across environments.

Career Corner

  • Reddit - Dive into anything - Are you someone who works with Infrastructure-as-Code tools like Terraform? If so, this thread goes into an interesting debate - what exactly do you identify as professionally? Are you a developer since you're writing code? An infrastructure engineer since you're provisioning infrastructure? Or perhaps both roles blend together in the world of IaC?

Learning and Education

  • A Beginners Guide to GitOps - GitOps takes the tried-and-true DevOps best practices used for application development, such as version control, collaboration, compliance, and CI/CD, and applies them to infrastructure automation. By leveraging the principles of Git, the widely-adopted version control system, GitOps empowers teams to manage and automate their infrastructure with the same level of rigor and efficiency as they do with their application code. Dive into this beginner's guide to GitOps and discover how this powerful framework can transform your infrastructure automation journey.

Community Voice

  1. Mastering the AWS Security Specialty (SCS) Exam - A Quick Guide - DEV Community - Want to ace the challenging AWS Certified Security Specialty exam? This guide shares invaluable tips and top resources that helped Damien pass on their first attempt. Get an inside look at must-use study materials like Stephane Maarek's comprehensive Udemy course, Whizlabs' hands-on labs for practical experience, TutorialsDojo's realistic practice exams and cheat sheets, and Becky Weiss's session on AWS cloud security fundamentals.
  2. Enable GuardDuty the Right Way - In this article, Rich Mogull takes readers on a journey through the importance of GuardDuty, AWS's Intrusion Detection System for the cloud. With his signature storytelling flair, Mogull transports us back to the "dark days" of the early cloud era, highlighting the significance of visibility tools like CloudTrail and GuardDuty.
  3. Tactical Cloud Audit Log Analysis with DuckDB - AWS CloudTrail - DEV Community - Have you ever needed to analyze CloudTrail logs but found yourself without a convenient search interface or had to temporarily enable CloudTrail for troubleshooting? This article demonstrates how to leverage the capabilities of DuckDB, a powerful open-source SQL database, to query CloudTrail logs directly from Amazon S3.
  4. AWS Cloud Incident Analysis Query Cheatsheet - Securosis - This post provides a comprehensive cheatsheet of essential CloudTrail log queries for cloud incident analysis and response.
  5. Publicly Exposed AWS Document DB Snapshots – High Signal Security – YAIB - Security researcher Dylanjacob discovered a massive public exposure of over 3.5TB of sensitive customer data. Here is the story!


Thanks for coming along for this week's journey. I encourage you to subscribe, share, and leave your comments on this edition of the newsletter. Please share with your colleagues, and if you have any requests, please send them my way. I hope you found this useful. Happy Labbing!

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.