Shine a little light (on Cloud Security), Photo Daniel Páscoa

Cloud Security is a main theme of #NoDrama DevOps and here is a curated set of posts that will help you learn about it.

We built k9 Security to help Cloud engineers understand and improve their AWS Security policies quickly and continuously. Check out how k9 can help you Go Fast, Safely.

Preparing for a Cloud Migration

If you are trying to discover the Security topics and resources needed to prepare for a Cloud Migration, see:

Critical AWS Security Architecture Topics

First a bit about the problem of managing access in AWS:

AWS accounts and the structure of your AWS organization are a critical aspect of AWS Security Architecture. The AWS account is the primary, and strongest partition between identities and protecting resources in the Cloud. See these posts for a detailed discussion:

Patterns that solve common problems:

Governance, Risk, Compliance

Establishing Enterprise-wide guardrails for activities in AWS:

Governance of quickly changing Cloud deployments is an immature but improving practice. Ground yourself by understanding:

This will prepare you to push own Cloud deployments to best-in-industry by modeling Security and Risks so that you can analyze risk quantitatively:

Improving Security

As your deployments grow and you try to improve security policies, you’ll be left wondering why X can’t access Y, here’s How to debug ‘AccessDenied’ errors in AWS.

You’ll also need to understand the The First Secret Problem, how applications establish their identity, and how to deliver secrets such as passwords and api keys to them. I researched and published a report on the State of Application Secret Delivery and Audit Practices (2019q3). You can learn start by learning the fundamental problems and solutions


If you would like some private, personalized guidance on these topics, consider a Guidance Engagement.