This post will cover details about DNS Architecture, Route53 DNS, DNS Security and how to resolve on-premises DNS zones/records from AWS and Route53 private hosted zones from on-premises. Route53 Hybrid DNS is a powerful tool that enables you to efficiently manage your DNS infrastructure by combining both on-premises and cloud…

How you access AWS resources from on-premises also define your security posture and cloud security principles. What is the best way to connect securely from on-premises OR local machine. Few questions to ask yourself :- Are bastion host security groups wide open ? What if SSH RSA pub/priv keypair is…

This post is related to folks with no cloud security experience and how can they get into this field. Below topics will help you become more knowledgeable in AWS security domain. Pursuing certifications is not mandatory but it does give an extra edge and you go extra mile to study…

AWS S3 stands for Simple Storage Service. It’s an object storage service that stores data as objects. It’s designed to provide 99.999999999% durability and 99.99% availability of objects over a given year. In the past there have been many security incidents about S3 data exposure to public and since then…

There are few scenarios in which we might need IAM credentials (static). i.e. in automations like terraform and if it runs on-premises. Creation of static IAM credentials should be avoided . So, what are the options if it’s part of your workflow/automations etc. :- 1. Explore IAM Roles anywhere document…

AWS observability and monitoring is de facto standard in all organizations. It’s worth considering the difference between observability and monitoring. Monitoring lets you know whether a system is working. Observability lets you understand why it isn’t working. There are few important metrics that we should have complete visibility to avoid…

AWS IAM keys can be exposed by mistake, by automation and also intentionally. Another possibility is exposure of STS token i.e. short term/temporary credentials for an AWS account. Temporary credentials can be valid up to 12 hours. STS token access key always starts with “AKIA”. Organizations need to pro-actively remediate…

Few tips regarding AWS China. It’s being managed by separate entity and currently operating in 2 regions i.e. Ningxia and Beijing regions. AWS offers fewer services in China in comparison to US region. IAM : No concept of root user login/email. To provision an AWS account you can use AWS…

Cloud Security Posture Management (CSPM) is a much needed tool for enterprises focussed on cloud security. I’ve list out below top 10 key aspects :- UEBA/Threat Detection with Machine Learning Cloud Resources Misconfiguration Multi Cloud Security (AWS/Azure/GCP etc.) Cloud Asset Management/Graph visualization Real Time Security Incident Alerts Compliance Framework and…