Do AWS drinks their own champagne? 🍾

TL;DR: AWS Managed Policies are safe. Currently. :arrows_counterclockwise: Previously in Policy Validation Before AWS Access Analyzer (AA) - Policy Validation release, few open source initiatives were available to lint AWS IAM Policies, like Parliament from Duolabs, CloudSplaining (Salesforce). The tricky part of these tools is that they are community-driven, from volunteer contributors, and most of the master data comes from AWS IAM docs web scrapping. It is difficult to maintain over time, especially if the documentation format is changing, or if the documentation is not in sync with the IAM reality. It will be easier for everyone if the one who is providing the rules is the one who creates the validation tool to run against these rules — Isn’t it? ...

April 6, 2021 · 4 min · 802 words · zoph

Turn your AWS DevSecOps Pipeline into bunker

This post was co-authored by Teddy Ferdinand. Who is working as Cloud Security Architect 🐻 Introduction In this series, we will talk about the emergence of the DevSecOps movement, and more especially, what are the benefits of introducing a DevSecOps approach on your existing CI/CD Pipelines. CI/CD Pipeline To give you some context, you will find in the diagram below a standard DevOps CI/CD Pipeline. DevSecWhat? DevSecOps could be defined as a shift from a central internal security team to the inclusion of security practices into the existing DevOps teams: DevSecOps 🎉 ...

June 18, 2020 · 8 min · 1531 words · zoph

[FR] AWS re:Inforce 2019

re:Inforce 2019 Il s’agit de la première édition de cette conférence AWS dédiée à la sécurité de ce Cloud Service Provider (CSP). AWS est actuellement en train de proposer de nouveaux événements et summits sur des sujets spécifiques, en plus de l’événement annuel, le re:Invent. Cette conférence aura lieu chaque année dans une ville différente des États-Unis, il est question de Houston pour l’année prochaine. https://reinforce.awsevents.com/ J’ai eu l’occasion de participer au re:Cap du re:Inforce proposé par AWS France, voici en synthèse, les éléments à ne pas manquer. ...

July 15, 2019 · 4 min · 673 words · zoph

[FR] leHack 2019

Présentation Anciennement “la Nuit du Hack”, c’est une conférence sur la sécurité informatique, le ethical hacking de manière plus générale, organisée depuis plus de 16 ans par la même équipe. Cette année était la première année après son changement de nom, les organisateurs attendaient cette fois-ci plus de 3500 personnes. J’ai eu la chance d’y participer pour la première fois cette année à la Cité des Sciences et de l’Industries de Paris. ...

July 13, 2019 · 4 min · 748 words · zoph

Enable Default Encryption for EBS (Worldwide)

Following the announced new opt-in option regarding the default encryption of EBS Volumes a few days ago, I’ve made a small python script to enable this feature on all AWS regions within an AWS Account. Quick and Dirty Simple. This is an example, use it at your own risk, and test it before applying to production, as usual :) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 import boto3 AWS_REGION = 'eu-west-1' session = boto3.Session(region_name=AWS_REGION) ec2 = session.client('ec2') def main(event, context): ec2_regions = [region['RegionName'] for region in ec2.describe_regions()['Regions']] # For all AWS Regions for region in ec2_regions: conn = boto3.client('ec2', region_name=region) print ("Checking AWS Region: " + region) status = conn.get_ebs_encryption_by_default() print ("===="*10) result = status["EbsEncryptionByDefault"] if result == True: print ("Activated, nothing to do") else: print("Not activated, activation in progress") conn.enable_ebs_encryption_by_default() if __name__ == '__main__': main(0,0) That’s all folks! ...

June 10, 2019 · 1 min · 156 words · zoph