(Prevent) Hacking into a CloudService - About security, ECS and terraform

AWS UserGroup Hannover Online Meetup, Feb 4th, 2021



Yoni: "Oftentimes, when we think about protecting resources in the cloud, we immediately think about the typical ways in - via public-facing applications or abuse of credentials. In this talk, we will look at one additional way: through the work unit parameters of a service. During the development of Indeni’s Cloudrail SaaS product, Yoni was responsible for trying to find ways to hack into the service. One of the ways he found raises questions about how secure ECS workloads really are."

AWS Usergroup Hannover is happy to host this meeting, and we are happy to have Yoni Leitersdorf with us. Why you should also be happy: see below!

This meetup has two parts:

Part one: short introduction to Terraform, 20 mins (Gernot)

Main Talk: (Prevent) Hacking into a CloudService - About security, ECS and terraform (Yoni)

By: Yoni Leitersdorf

Bio: Yoni Leitersdorf

Yoni is the CEO and Founder of Indeni, a provider of security automation tools. Recently, Indeni launched Cloudrail, its tool for doing security validation of Terraform code. Prior to Indeni, Yoni had a mix of software and cybersecurity roles. He’s been in software since the age of 6, when he first started coding, and got his cybersecurity stripes at the Israel Defense Forces and Check Point Software. One of Yoni’s projects in the military earned him the esteemed Israeli Security Prize. When he’s not coding or running a business, Yoni tries to stay married and raise three young kids.

Malte and Gernot are the organizers.

Our main speaker is Yoni! Please join us at meetup.com. The button for participating is at the bottom of the meetup page.

Malte & Gernot

(This meetup is in English.)

Appendix

Want to know more about Cloudrail and Indeni? Try it: GitHub
