TablePlus published a blog post on how they did nothing to handle a DDoS attack. Their blog post titled “We are under DDoS attack and we do nothing” - published at the end of March 2024 - caught my eye when it quickly reached the top of Hacker News.
…Least privilege is a defense-in-depth strategy that everyone talks about. When I first heard of it a few years back, it seemed to be a magical solution to a good number of security issues I faced.
…AWS WAF service is an L7 firewall service offered by AWS. It’s easy to set up, seamlessly integrates with other AWS services (ALB, API Gateway, etc.), and comes with a handful of managed WAF rulesets and rate limit features.
…The much-awaited AWS re:Inforce 2023 videos have finally landed on YouTube. You can now pick your favorite track and watch the sessions at your own pace here - https://www.youtube.com/@AWSEventsChannel/playlists?view=50&sort=dd&shelf_id=2.
…AWS SES is used in multiple ways - automated reminders, marketing emails, security automation & alerts, etc. There’s an often-overlooked risk with the domain verified on SES. A risk that falls at the intersection of Cloud and Enterprise risk.
…I’m a huge fan of the Cloud Custodian tool. If you hear the name for the first time - it’s an open-source rules engine for cloud security, cost optimization, and governance.
…