...
Useful Articles
- Lesser Known Techniques for Attacking AWS Environments – This post discusses lesser known attack techniques that bad actors can use in attacking AWS accounts, and how to defend against them.
- Github Actions & AWS OIDC
- GitHub Actions: Secure cloud deployments with OpenID Connect – GitHub Actions now supports OpenID Connect (OIDC) for secure deployments to cloud, which uses short-lived tokens that are automatically rotated for each deployment.
- AWS Access Keys - A Reference — This post outlines how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.
- IAM Vulnerable - Assessing the AWS Assessment Tools
- AWS federation comes to GitHub Actions
- Cloud Security Orienteering - How to Rapidly Understand and Secure an AWS Cloud Environment (and corresponding checklist)
...