Introduction As a developer working with AWS Lambda, I’ve always loved the idea of serverless computing - deploying code without worrying about managing servers. However, one challenge that frequently came up was handling Python dependencies in Lambda functions. Deploying a Lambda function with multiple dependencies can be cumbersome, especially...
Introduction Have you ever wondered how to scale your Google Cloud Platform (GCP) network while keeping it secure and efficient? If so, you're in the right place! In this blog post, we're going to explore the fascinating world of the GCP Hub and Spoke architecture and...
Introduction In the past, I have struggled to create custom findings in AWS GuardDuty or GCP Security Command Center (SCC). GCP SCC has an amazing feature to create custom findings via the API. This feature is quite hidden in the documentation, but in this article, we will explore the different...
Introduction In the current digital landscape, businesses are faced with an increasing number of cybersecurity threats. It is crucial to have robust security measures in place to protect sensitive data and maintain business continuity. One solution that can help is the Google Cloud Platform (GCP) Cloud Intrusion Detection System (IDS)...
AWS S3 is a great storage platform for hosting data. However, it's also a target for malicious intruders. 🎯 Most applications allow the user to upload their own data on S3 buckets. For example, to store images 📷, videos 📹, or any other custom data. How can you safeguard your AWS...
Software development is a dynamic process that involves multiple stages, from writing code to testing and deployment. Code quality plays a crucial role in software development, as it determines the overall performance and reliability of the software. Poor code quality can lead to bugs, crashes, and security vulnerabilities. SonarQube is...
The bigger our cloud environments are getting, the harder it is to manage all security alerts and vulnerabilities of our workloads and services. For this purpose, we can utilize a tool called Security information and event management (SIEM), which provide real-time analysis of security alerts. AWS offers the service OpenSearch...
Amazon announced GuardDuty during the AWS re:invent 2017 to protect AWS accounts against a wide variety of attacks. Amazon GuardDuty is a threat detection service that continuously monitors malicious activity and unauthorized behavior to protect your Amazon Web Services accounts, workloads, and data stored in Amazon S3. While using...
AWS WAF delivers web application protection from malicious attacks and intrusions. The service protects applications running on AWS services such as CloudFront, Application Load Balancer, API Gateway, or AWS AppSync. In early November AWS WAF (Web Application Firewall) introduced granular geo-based blocking rules. We can now check new labels, which...
AWS recently introduced deletion protection for Amazon Cognito. This is mainly useful if you are using the DeleteUserPool API as it immediately deleted a user pool in the past, even production resources. Deletion protection is automatically enabled for all new user pools by default. For existing user pools you need...
When you build applications and solutions, you want to restrict access to other AWS services. Typically, you would use IAM policies and roles to accomplish this task. However, managing these policies can get quite complicated. Luckily, AWS recently introduced several new features for the IAM Access Analyzer, providing users greater...
During mid of October, AWS released the AWS Parameters and Secrets Lambda Extension. It makes it easier to retrieve parameters or secrets from the Systems Manager Parameter Store or AWS Secrets Manager. As the lambda function makes requests to different AWS services, we need to adjust the execution role. You...
At the beginning of October AWS added the IAM Access Analyzer functionality to validate role trust policies directly in the AWS console. It guides you through adding each policy element, like actions or conditions, and provides context-specific documentation. To make your policies even more secure, it automatically checks for issues...
Infrastructure as code (IaC) is defined as the process of managing and provisioning components in a data center through machine-readable definition files. Usually, JSON or YAML files. In our cloud environments, we want to automatically deploy code to new regions and centrally manage it in a version control system. AWS...
