...
- Github Actions & AWS OIDC
- GitHub Actions: Secure cloud deployments with OpenID Connect – GitHub Actions now supports OpenID Connect (OIDC) for secure deployments to cloud, which uses short-lived tokens that are automatically rotated for each deployment.
- AWS Access Keys - A Reference — This post outlines how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.
- IAM Vulnerable - Assessing the AWS Assessment Tools
- AWS federation comes to GitHub Actions
- Cloud Security Orienteering - How to Rapidly Understand and Secure an AWS Cloud Environment (and corresponding checklist)
Training and Tutorials
- AWS Security Workshops – A collection of the latest AWS Security workshops from AWS
- Serverless Security Workshop – In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. From AWS
- flAWS 2 Challenge – Teaches you AWS (Amazon Web Services) security concepts. The challenges are focused on AWS specific issues, so no buffer overflows, XSS, etc. Able to be attacker or defender for challenges.
- CI/CDon't – An active learning exercise where you plan the bad guy where your goal is to gain access to administrative credentials for an AWS account.
...