mirror of
https://github.com/nubenetes/awesome-kubernetes.git
synced 2026-07-13 10:21:14 +00:00
26 KiB
26 KiB
AWS Security
!!! info "Architectural Context" Detailed reference for AWS Security in the context of Cloud Providers (Hyperscalers).
Standard Reference
- Tutorial: Configure Apache Web Server on Amazon Linux to use SSL/TLS [COMMUNITY-TOOL]
- The Most Popular AWS Security Blog Posts in 2015 [COMMUNITY-TOOL]
- Announcing Industry Best Practices for Securing AWS Resources [COMMUNITY-TOOL]
- The Most Viewed AWS Security Blog Posts so Far in 2016 [COMMUNITY-TOOL]
- How to Restrict Amazon S3 Bucket Access to a Specific IAM Role [COMMUNITY-TOOL]
- Updated Whitepaper Available: AWS Best Practices for DDoS Resiliency [COMMUNITY-TOOL]
- AWS Security Blog: In Case You Missed These: AWS Security Blog Posts from June, July, and August 2016 [COMMUNITY-TOOL]
- Amazon s2n: AWS’s new Open Source implementation of the SSL/TLS network encryption protocols [COMMUNITY-TOOL]
- AWS Identity and Access Management (IAM) best practices in 2016 [COMMUNITY-TOOL]
- How to Record and Govern Your IAM Resource Configurations Using AWS Config [COMMUNITY-TOOL]
- How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page [COMMUNITY-TOOL]
- How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda (boto3 python) [COMMUNITY-TOOL]
- How to Use AWS WAF to Block IP Addresses That Generate Bad Requests [COMMUNITY-TOOL]
- How to Reduce Security Threats and Operating Costs Using AWS WAF and Amazon CloudFront [COMMUNITY-TOOL]
- AWS Security [COMMUNITY-TOOL]
- AWS Security docs [COMMUNITY-TOOL]
- Amazon’s customer service backdoor [COMMUNITY-TOOL]
- Oracle Database Encryption Options on Amazon RDS [COMMUNITY-TOOL]
- Learn AWS Security Fundamentals with Free and Online Training [COMMUNITY-TOOL]
- Amazon Inspector Announces General Availability for Windows [COMMUNITY-TOOL]
- encrypt and decrypt data: Importing Key Material in AWS Key Management Service' (AWS KMS) [COMMUNITY-TOOL]
- Encrypt global data client-side with AWS KMS multi-Region keys [COMMUNITY-TOOL]
- dzone: Removing the Bastion Host and Improving the Security in AWS [COMMUNITY-TOOL]
- How to automate AWS account creation with SSO user assignment [COMMUNITY-TOOL]
- Security practices in AWS multi-tenant SaaS environments [COMMUNITY-TOOL]
- How to use AWS Security Hub and Amazon OpenSearch Service for SIEM [COMMUNITY-TOOL]
- faun.pub: Handling Exposed AWS Access Key [COMMUNITY-TOOL]
- github.com/aws-samples: How to set up continuous replication from your third-party' secrets manager to AWS Secrets Manager ⭐ 16 [COMMUNITY-TOOL]
- medium.com/@neonforge: Why You Shouldn’t Use AWS managed KMS Keys [COMMUNITY-TOOL]
- linkedin.com: Complexities of AWS Security Groups in the Cloud World [COMMUNITY-TOOL]
- awslabs/cognito-at-edge ⭐ 238 [COMMUNITY-TOOL]
- github.com/aws-samples: Service Control Policy examples ⭐ 302 [COMMUNITY-TOOL]
- medium.parttimepolymath.net: No more AWS Access Keys? [COMMUNITY-TOOL]
- darryl-ruggles.cloud: AWS SSO Credentials With Multiple Accounts [COMMUNITY-TOOL]
- github.com/awslabs/sustainability-scanner: Sustainability Scanner (SusScanner) ⭐ 123 [COMMUNITY-TOOL]
- aws.amazon.com: Update of AWS Security Reference Architecture is now available [COMMUNITY-TOOL]
- docs.aws.amazon.com: Application security [COMMUNITY-TOOL]
- Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent 🌟 [COMMUNITY-TOOL]
- PCI DSS Standardized Architecture on the AWS Cloud: Quick Start Reference' Deployment [COMMUNITY-TOOL]
- New IAMCTL tool compares multiple IAM roles and policies [COMMUNITY-TOOL]
- Bring your own CLI to Session Manager with configurable shell profiles [COMMUNITY-TOOL]
- aws.amazon.com: IAM Access Analyzer now supports over 100 policy checks' with actionable recommendations to help you author secure and functional policies [COMMUNITY-TOOL]
- aws.amazon.com: IAM Access Analyzer Update – Policy Validation [COMMUNITY-TOOL]
- netflixtechblog.com: ConsoleMe: A Central Control Plane for AWS Permissions' and Access [COMMUNITY-TOOL]
- cloudkatha.com: Difference between Root User and IAM User in AWS You Need' to Know [COMMUNITY-TOOL]
- ben11kehoe.medium.com: AWS Authentication: Principals (users and roles)' in AWS IAM [COMMUNITY-TOOL]
- infoq.com: Incorrect IAM Policy Raised Questions About AWS Access to S3' Data [COMMUNITY-TOOL]
- iann0036/iamlive ⭐ 3381 [ENTERPRISE-STABLE]
- awsiam.info: AWS IAM Search [COMMUNITY-TOOL]
- daan.fyi: AWS IAM Demystified [COMMUNITY-TOOL]
- willdady/cdk-iam-credentials-rotator: IAM Credentials Rotator ⭐ 17 [COMMUNITY-TOOL]
- Organizing Your AWS Environment Using Multiple Accounts (white paper for best practices) [COMMUNITY-TOOL]
- aws.amazon.com: When and where to use IAM permissions boundaries [COMMUNITY-TOOL]
- Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere 🌟 [COMMUNITY-TOOL]
- binx.io: Working with AWS Permission Policies 🌟 [COMMUNITY-TOOL]
- Use IAM Access Analyzer policy generation to grant fine-grained permissions for your AWS CloudFormation service roles [COMMUNITY-TOOL]
- globaldatanet.com: .AWS IAM Identity Center Permission Management at Scale' Part 2 [COMMUNITY-TOOL]
- How to monitor and query IAM resources at scale – Part 1 [COMMUNITY-TOOL]
- github.com/aws-samples: Visualize AWS IAM Access Analyzer Policy Validation' Findings ⭐ 21 [COMMUNITY-TOOL]
- thenewstack.io: A Deep Dive into the Security of IAM in AWS [COMMUNITY-TOOL]
- awslabs/terraform-iam-policy-validator ⭐ 346 [COMMUNITY-TOOL]
- jimmydqv.com: AWS IAM Anywhere 🌟 [COMMUNITY-TOOL]
- Simplifying permissions management at scale using tags in AWS Organizations [COMMUNITY-TOOL]
- Standardize compliance in AWS using DevOps and a Cloud Center of Excellence (CCOE) approach [COMMUNITY-TOOL]
- AWS Control Tower [COMMUNITY-TOOL]
- aws.amazon.com: New – AWS Control Tower Account Factory for Terraform [COMMUNITY-TOOL]
- hashicorp.com: HashiCorp Teams with AWS on New Control Tower Account Factory' for Terraform [COMMUNITY-TOOL]
- aws.amazon.com: Automate AWS Control Tower landing zone operations using' APIs [COMMUNITY-TOOL]
- doit-intl.com: AWS Firewalls 101: How and when to use each one [COMMUNITY-TOOL]
- Automatically block suspicious traffic with AWS Network Firewall and Amazon GuardDuty [COMMUNITY-TOOL]
- AWS WAF - Web Application Firewall [COMMUNITY-TOOL]
- medium: Blocking bots using AWS WAF [COMMUNITY-TOOL]
- medium: Protecting your Web Application or APIs using AWS WAF [COMMUNITY-TOOL]
- faun.pub: Set up global rate limiting with AWS WAF in 5 minutes [COMMUNITY-TOOL]
- dev.to: AWS WAF (Web Application Firewall): Deep Dive [COMMUNITY-TOOL]
- Automated Let's Encrypt Certificates in Azure Key Vault with ACME Bot [COMMUNITY-TOOL]
- How to replicate secrets in AWS Secrets Manager to multiple Regions [COMMUNITY-TOOL]
- AWS Secrets Manager controller POC: an EKS operator for automatic rotation' of secrets [COMMUNITY-TOOL]
- blog.devops.dev: Debugging Kubernetes Secrets, Why My Pod Wouldn’t Start [COMMUNITY-TOOL]
- AWS Vault ⭐ 8976 [ENTERPRISE-STABLE]
Cloud Infrastructure
AWS Governance
Organizations
- (2024) blog.wut.dev: Moving AWS Accounts and OUs Within An Organization - Not So Simple! [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — An in-depth analysis of the operational complexities and network-level friction encountered when migrating AWS accounts and Organizational Units (OUs) across differing AWS Organizations. Details hidden traps involving Service Control Policies (SCPs), RAM shares, billing, and resource-linked roles. This manual remains highly valuable for cloud architects undertaking corporate restructures or migrations.
AWS Security (1)
Architectural Blueprints
- (2024) ==docs.aws.amazon.com: AWS Security Reference Architecture (AWS SRA) 🌟== [ADVANCED LEVEL] [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — The authoritative blueprint detailing prescriptive guidance to design, build, and run security services within a multi-account AWS Organization environment. Organizes AWS Security services (Security Hub, GuardDuty, Macie, IAM) into logical account-level divisions. In 2026, the SRA continues to be the industry-standard template for enterprise AWS governance, serving as the foundational reference architecture for cloud security engineers.
Compliance and Auditing
- (2021) acloudguru.com: How to audit and secure an AWS account 🌟🌟🌟 [COMMUNITY-TOOL] — A comprehensive guide detailing security auditing strategies for AWS accounts. Key recommendations focus on establishing continuous monitoring patterns using AWS CloudTrail, securing root entities with MFA, and leveraging AWS Config for resource mapping. Under current 2026 security benchmarks, these recommendations form the minimal security posture baselines, though contemporary patterns favor automated multi-account orchestration via AWS Control Tower.
Data Protection and Encryption
- (2021) yobyot.com: AWS multi-region KMS keys and Data Lifecycle Manager: better together [ADVANCED LEVEL] 🌟🌟🌟 [COMMUNITY-TOOL] — Analyzes the combined integration of AWS Multi-Region KMS keys with Amazon Data Lifecycle Manager (DLM) to manage encrypted EBS volumes across multiple regional sectors. Facilitates disaster recovery topologies by eliminating the need to re-encrypt snapshots with localized keys during inter-region replication. In 2026 cloud-native resilience paradigms, this configuration is a proven pattern for maintaining low RTO/RPO across fault domains.
Identity and Access Management
- (2025) ==AWS Identity and Access Management - Getting Started== [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Official AWS foundational guide on configuring roles, policies, and users using Identity and Access Management (IAM). Highlights crucial best practices for avoiding permanent credentials, utilizing temporary security tokens, and crafting fine-grained permissions. In 2026, modern implementations universally pair this basic guidance with AWS IAM Identity Center to handle enterprise single sign-on workflows.
Network Security
- (2024) AWS WAF sample rules ⭐ 511 [SHELL CONTENT] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] [LEGACY] — A historical repository containing sample AWS WAF rule sets and templates designed for traffic filtering. Critical Live Grounding: Although useful for understanding core rule constructs, this repository has been officially archived. Modern practitioners are strongly advised to utilize AWS Managed Rules or partner-provided WAF protections managed centrally via AWS Firewall Manager instead of copying legacy templates.
Secret Management
- (2021) k21academy.com: AWS Secrets Manager 🌟🌟🌟 [COMMUNITY-TOOL] — Introduces AWS Secrets Manager, focusing on programmatic secret retrieval, lifecycle rotation, and native RDS integrations. Explains how the platform helps developers eliminate hardcoded credentials in application manifests. Dynamic secrets rotation via AWS Secrets Manager remains a key security paradigm for securing microservices databases.
Security and Compliance
AWS Security (2)
- (2026) ==AWS Security Blog== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — AWS's official technical security feed, featuring deep dives on IAM policies, KMS setups, threat detection strategies, and compliance architectures. Essential reading for platform security architects guarding complex enterprise infrastructures.
Data Engineering
Data Lake Security
AWS Lake Formation
- (2021) keepler.io: Gestionando el control de accesos en nuestro data lake en AWS [SPANISH CONTENT] [ADVANCED LEVEL] 🌟🌟🌟 [COMMUNITY-TOOL] — Discusses access control management structures applied to enterprise Data Lakes on AWS. Emphasizes shifting away from fragile S3 bucket policies toward automated, centralized metadata policies managed by AWS Lake Formation. A critical guide for data engineers aiming to secure transactional storage engines without degrading execution latency or performance.
Platform Engineering
CI-CD Security
Azure DevOps
- Securing Azure DevOps When Using Private Repositories [COMMUNITY-TOOL] — Analyses secure integration patterns for private Azure DevOps environments. Offers standard reference controls for isolating source code hosting, managing external worker access, and mitigating common misconfiguration patterns across self-hosted agent pools.
Cloud Identity
- Avoiding Mistakes with AWS OIDC Integration Conditions [ADVANCED LEVEL] [DE FACTO STANDARD] — An in-depth security analysis detailing how to configure AWS OpenID Connect (OIDC) trust relationships correctly in GitHub Actions and other CI providers. Highlights major vulnerabilities arising from missing subject (sub) or audience (aud) validation and shows how to restrict access patterns safely.
Security
Linux Hardening
Best Practices
- How-To Secure A Linux Server ⭐ 27424 [ADVANCED LEVEL] [DE FACTO STANDARD] — An exhaustive, highly popular guide for securing production Linux environments. Covers SSH hardening, firewalls, user permission boundaries, 2FA, kernel optimization, audit logs, and automated vulnerability scanning.
💡 Explore Related: Googlecloudplatform | Public Cloud Solutions | Managed Kubernetes In Public Cloud