Securing the Cloud #32

Cloud security insights: Secure presigned URLs, career roadmap, learning opportunities & community voices on AWS Managed KMS Keys, SSO setup for Confluence with AWS IAM Identity Center.

Brandon Carroll
Amazon Employee
Published Jul 5, 2024
Welcome to the 32nd edition of the Securing the Cloud Newsletter! In this issue, we dive into the latest trends and insights in cloud security, explore career development opportunities, and share valuable learning resources. Additionally, we feature insightful perspectives from our community members.

Technical Topic

  • How to securely transfer files with presigned URLs | AWS Security Blog - Securely sharing large files and private data is critical in today's distributed work environments. This article explores how presigned URLs offer a powerful solution by enabling temporary, controlled access to Amazon S3 objects without exposing long-term credentials. It provides prescriptive guidance on best practices for generating and distributing presigned URLs securely, including implementing safeguards against inadvertent data exposure. The article goes into key technical considerations like using unique nonces, access restrictions, and serverless architectures for generating and validating one-time presigned URL access. It even offers a downloadable code sample illustrating how to implement these secure practices. It also emphasizes the importance of governance, continuous monitoring, and automated revocation procedures to maintain effective oversight and control when sharing presigned URLs broadly. By following the guidance outlined in this article, you can unlock the collaborative benefits of presigned URLs while protecting sensitive data. I encourage you to explore the full post to learn how to strike the right balance between secure data sharing and collaborative efficiency using this powerful architectural pattern.

Career Corner

  • Guide to Becoming a Cloud Security Engineer: Roadmap (2024) - As businesses adopt cloud computing, the role of cloud security engineers has become more important and more sought after. This guide digs into the exciting world of cloud security, exploring the responsibilities, skills, and career path. In the article you'll discover how cloud security engineers safeguard sensitive data and implement robust security measures to prevent breaches and cyber threats. You will also gain insights into the various types of cloud security attacks they combat, such as DDoS, hypervisor attacks, and malicious insiders. The article also explores earning potential and certifications, and includes a roadmap. Yes, they are promoting a Cloud Security Master's Program that they sell, and I am not recommending you jump into that. But overall, for someone who needs an overview and a roadmap, it's a start. And yes, I know, some of this you probably already know, but it's a good review! If you feel good in this area, just skip it!

Learning and Education

Want to learn something new? Here you go!

Community Voice

A quick note before I get into this week's share. The articles I share here are mostly posted by AWS Heroes and AWS Community Builders. With that said, I do my best not to do two things: 1) Share posts from Medium, because putting content behind a paywall is not accessible to everyone and I don't want to encourage people to pay for another service. 2) Drive traffic to LinkedIn. There is a TON of content there, and lots of Heroes and Community Builders share their stuff there. If you want that content, please follow them directly on LinkedIn. You can find a directory of Heroes and Builders to follow here and here. If you'd like to contribute content to the newsletter, please reach out to me directly!
So, here is a roundup of a few posts from the community this week:
  1. AWS Managed KMS Keys and their Key Policies: Security Implications and Coverage for AWS Services - Are you curious about the AWS Managed KMS Keys and their potential security implications? This blog post provides an insightful overview and introduces a handy tool from Fog Security that scans and lists all AWS Managed KMS Keys along with their corresponding key policies. With visibility into these keys being a challenge, the post highlights the importance of understanding their usage across various AWS services. It also discusses the pros and cons of using AWS Managed KMS Keys, encouraging readers to make informed decisions. The accompanying GitHub repository offers a comprehensive listing of AWS Managed KMS Keys and their key policies, regularly updated through an automated scanning process. Quick statistics and repository contents are also provided, giving you a glimpse into the valuable information available. If you're interested in cloud data security or have feedback on the tool, the author invites you to reach out to Fog Security. Don't miss the opportunity to explore this resource and gain insights into AWS Managed KMS Keys and their potential impact on your cloud environment.
  2. Setting up AWS IAM Identity Center as an identity provider for Confluence - DEV Community - This detailed guide walks you through setting up single sign-on (SSO) for the popular collaboration tool Confluence, using AWS IAM Identity Center. By integrating Confluence with AWS IAM Identity Center, you can centrally manage access for your users across multiple AWS accounts and Confluence itself. The step-by-step instructions cover everything from configuring the Confluence application in IAM Identity Center, to verifying domain ownership in Atlassian Admin, creating the identity provider, and enforcing SSO in Confluence's authentication policies. While the process involves several steps across AWS and Atlassian's interfaces, the guide provides clear directions and troubleshooting tips to ensure a smooth integration. If you're looking to streamline authentication and account management between your AWS environment and Confluence, this comprehensive walkthrough could save you a significant amount of time and effort. The ability to leverage AWS IAM Identity Center for SSO with third-party apps like Confluence also highlights its versatility as an identity provider solution.
That's it for this week. I encourage you to subscribe, share, and leave your comments on this edition of the newsletter.
Also, if you will be attending the AWS Summit New York, please let me know. I will be there as well and I am planning on doing some videos with community members. If videos aren't your thing, let's at least have a chat!
That's it for now!
Happy Labbing!

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.