Blog Archive Page 4 — Security

AWS Identity Center (formerly known as AWS SSO): A Guide to Privilege Escalation and Identity and Access Management

AWS Identity Center is one way of managing access to AWS Accounts. With AWS Identity Center (previously SSO), there exists multiple pathways to privilege escalation. In this blog post, we cover Identity Center, research into the inner workings of cloud Identity and Access Management related to AWS Identity Center, how to secure AWS Identity Center, and detection with logging and monitoring.

Jason Kao •

AWS

Security

A Guide to Delegated Administrator in AWS Organizations and Multi-Account Management

A guide to managing multiple AWS Accounts using AWS Organizations and how to reduce blast radius by leveraging Delegated Administrator capabilities within AWS Organization to avoid usage of the management root account. This post covers security benefits of delegated administrator, IAM permissions and API actions related to delegation, resource-based delegation policies, and how to gain insight into the structure of the environment and accounts.

Jason Kao •

Security

Tutorials

How to Build an Open Source ASM for Attack Surface Management with CloudQuery and Neo4j

How to Build an Open Source ASM for Attack Surface Management with CloudQuery and Neo4j, including pre-built queries and views.

Jason Kao •

Security

Tutorials

How to Build an Open Source CSPM with CloudQuery, PostgreSQL, and Grafana

Learn to build an open-source CSPM dashboard with CloudQuery, PostgreSQL, and Grafana. Unbundle the cloud security stack, access raw SQL data, and avoid dashboard fatigue using your existing BI tools.

Yevgeny Pats •

AWS

Security

Outdated Default AWS IAM Policy Language Versions

Amazon Web Services (AWS) has 2 different policy versions for writing JSON IAM policies. This lesser known nuance creates issues with policy variables and newer features. This blog focuses on identifying IAM policies still using the outdated IAM language version.

Jason Kao •

AWS

Security

S3 Security Settings for Enabling S3 Block Public Access and Disabling ACLs

How CloudQuery can help find AWS S3 Bucket and Account Settings for Block Public Access and Access Control Lists (ACLs). Amazon is changing S3 security default behavior to enable Block Public Access and disable Access Control Lists.

Jason Kao •

AWS

Security

Tutorials

Finding Cross-Account AWS EventBridge Usage

How a CloudQuery customer wrote custom queries to find cross-account AWS EventBridge Usage. AWS recently updated security features to help improve security of cross-account AWS EventBridge Event Bus Targets. Teams can migrate to these new features to increase security and compliance.

Jason Kao •

Security

Tutorials

Encryption in AWS and Multi-Account Access

How to encrypt in AWS given a multi-account environment.

Jason Kao •

Previous Next