Files
awesome-kubernetes/v2-docs/aws-security.md

26 KiB
Raw Blame History

AWS Security

!!! info "Architectural Context" Detailed reference for AWS Security in the context of Cloud Providers (Hyperscalers).

Standard Reference

Cloud Infrastructure

AWS Governance

Organizations

  • (2024) blog.wut.dev: Moving AWS Accounts and OUs Within An Organization - Not So Simple! [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — An in-depth analysis of the operational complexities and network-level friction encountered when migrating AWS accounts and Organizational Units (OUs) across differing AWS Organizations. Details hidden traps involving Service Control Policies (SCPs), RAM shares, billing, and resource-linked roles. This manual remains highly valuable for cloud architects undertaking corporate restructures or migrations.

AWS Security (1)

Architectural Blueprints

  • (2024) ==docs.aws.amazon.com: AWS Security Reference Architecture (AWS SRA) 🌟== [ADVANCED LEVEL] [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — The authoritative blueprint detailing prescriptive guidance to design, build, and run security services within a multi-account AWS Organization environment. Organizes AWS Security services (Security Hub, GuardDuty, Macie, IAM) into logical account-level divisions. In 2026, the SRA continues to be the industry-standard template for enterprise AWS governance, serving as the foundational reference architecture for cloud security engineers.

Compliance and Auditing

  • (2021) acloudguru.com: How to audit and secure an AWS account 🌟🌟🌟 [COMMUNITY-TOOL] — A comprehensive guide detailing security auditing strategies for AWS accounts. Key recommendations focus on establishing continuous monitoring patterns using AWS CloudTrail, securing root entities with MFA, and leveraging AWS Config for resource mapping. Under current 2026 security benchmarks, these recommendations form the minimal security posture baselines, though contemporary patterns favor automated multi-account orchestration via AWS Control Tower.

Data Protection and Encryption

  • (2021) yobyot.com: AWS multi-region KMS keys and Data Lifecycle Manager: better together [ADVANCED LEVEL] 🌟🌟🌟 [COMMUNITY-TOOL] — Analyzes the combined integration of AWS Multi-Region KMS keys with Amazon Data Lifecycle Manager (DLM) to manage encrypted EBS volumes across multiple regional sectors. Facilitates disaster recovery topologies by eliminating the need to re-encrypt snapshots with localized keys during inter-region replication. In 2026 cloud-native resilience paradigms, this configuration is a proven pattern for maintaining low RTO/RPO across fault domains.

Identity and Access Management

  • (2025) ==AWS Identity and Access Management - Getting Started== [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Official AWS foundational guide on configuring roles, policies, and users using Identity and Access Management (IAM). Highlights crucial best practices for avoiding permanent credentials, utilizing temporary security tokens, and crafting fine-grained permissions. In 2026, modern implementations universally pair this basic guidance with AWS IAM Identity Center to handle enterprise single sign-on workflows.

Network Security

  • (2024) AWS WAF sample rules 511 [SHELL CONTENT] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] [LEGACY] — A historical repository containing sample AWS WAF rule sets and templates designed for traffic filtering. Critical Live Grounding: Although useful for understanding core rule constructs, this repository has been officially archived. Modern practitioners are strongly advised to utilize AWS Managed Rules or partner-provided WAF protections managed centrally via AWS Firewall Manager instead of copying legacy templates.

Secret Management

  • (2021) k21academy.com: AWS Secrets Manager 🌟🌟🌟 [COMMUNITY-TOOL] — Introduces AWS Secrets Manager, focusing on programmatic secret retrieval, lifecycle rotation, and native RDS integrations. Explains how the platform helps developers eliminate hardcoded credentials in application manifests. Dynamic secrets rotation via AWS Secrets Manager remains a key security paradigm for securing microservices databases.

Security and Compliance

AWS Security (2)

  • (2026) ==AWS Security Blog== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — AWS's official technical security feed, featuring deep dives on IAM policies, KMS setups, threat detection strategies, and compliance architectures. Essential reading for platform security architects guarding complex enterprise infrastructures.

Data Engineering

Data Lake Security

AWS Lake Formation

  • (2021) keepler.io: Gestionando el control de accesos en nuestro data lake en AWS [SPANISH CONTENT] [ADVANCED LEVEL] 🌟🌟🌟 [COMMUNITY-TOOL] — Discusses access control management structures applied to enterprise Data Lakes on AWS. Emphasizes shifting away from fragile S3 bucket policies toward automated, centralized metadata policies managed by AWS Lake Formation. A critical guide for data engineers aiming to secure transactional storage engines without degrading execution latency or performance.

Platform Engineering

CI-CD Security

Azure DevOps

  • Securing Azure DevOps When Using Private Repositories [COMMUNITY-TOOL] — Analyses secure integration patterns for private Azure DevOps environments. Offers standard reference controls for isolating source code hosting, managing external worker access, and mitigating common misconfiguration patterns across self-hosted agent pools.

Cloud Identity

  • Avoiding Mistakes with AWS OIDC Integration Conditions [ADVANCED LEVEL] [DE FACTO STANDARD] — An in-depth security analysis detailing how to configure AWS OpenID Connect (OIDC) trust relationships correctly in GitHub Actions and other CI providers. Highlights major vulnerabilities arising from missing subject (sub) or audience (aud) validation and shows how to restrict access patterns safely.

Security

Linux Hardening

Best Practices

  • How-To Secure A Linux Server 27424 [ADVANCED LEVEL] [DE FACTO STANDARD] — An exhaustive, highly popular guide for securing production Linux environments. Covers SSH hardening, firewalls, user permission boundaries, 2FA, kernel optimization, audit logs, and automated vulnerability scanning.

💡 Explore Related: Googlecloudplatform | Public Cloud Solutions | Managed Kubernetes In Public Cloud