Cloud Security

Shine a little light (on Cloud Security), Photo Daniel Páscoa

Cloud Security is a main theme of #NoDrama DevOps and here is a curated set of posts that will help you learn about it.

Preparing for a Cloud Migration

If you are trying to discover the Security topics and resources needed to prepare for a Cloud Migration, see:

Critical AWS Security Architecture Topics

First, a bit about the problem of managing access in AWS:

AWS accounts and the structure of your AWS organization are a critical aspect of AWS Security Architecture. The AWS account is the primary and strongest partition for separating identities and protecting resources in the Cloud. See these posts for a detailed discussion:

Patterns that solve common problems:

Establishing Enterprise-wide guardrails for activities in AWS:

As your deployments grow, you’ll be left wondering why X can’t access Y. Here’s How to debug ‘AccessDenied’ errors in AWS.

You’ll also need to understand The First Secret Problem, how applications establish their identity, and how to deliver secrets such as passwords and API keys to them. I researched and published a report on the State of Application Secret Delivery and Audit Practices (2019q3). You can start by learning the fundamental problems and solutions


If you would like some private, personalized guidance on these topics, consider a Guidance Engagement.