Welcome to CloudSecDocs
TL;DR
CloudSecDocs is a website collecting technical notes, how-tos, and cheatsheets related to cloud-native technologies (not only security-focused), hand curated by Marco Lancini.
The Rationale
For the past few years, I've been collecting information as I was getting accustomed to DevOps concepts, Docker, Kubernetes, and the main cloud providers (AWS, GCP, and Azure). Now, I've decided to make these notes public for everyone to consult.
For (slightly) more details on how CloudSecDocs came to be, you can read the companion blog post: "Introducing CloudSecDocs.com".
Some sections are still work in progress
Just an FYI: for some topics I have further additional content which I haven't got to process and categorise yet. In particular, more material for the following topics will be added in the upcoming weeks/months:
- IAM: information, best practices, and tutorials on AWS/GCP/K8s IAM
- Monitoring: everything related to security monitoring and alerting
- Incident response: think about containment, forensics, etc.
- Istio: how does it work and how to secure it
Additionally, I envision this website to integrate closely with CloudSecList, as every week I'll add the more interesting articles back here.
The Structure
This website is currently composed of 8 main sections (as shown in the table below), each containing my personal notes on that specific topic:
Section | Content |
---|---|
Containers | Docker & Kubernetes fundamentals, architecture, sample apps, usage |
Container Security | Theory beyond Docker & Kubernetes security, Offensive security & Pentest resources, Devops resources (secure deployment, supply chain, monitoring, tooling, etc) |
Devops | SDLC, tooling, design & processes |
AWS | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
Azure | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
GCP | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
Kafka | Security & tooling |
Culture & Engineering | Security programs, engineering decisions, organizational structures, management |
Disclaimer
As mentioned, these are my personal notes, collated and made available for everyone to reference. Hence, I would like to highlight some points:
- These notes might contain errors, so please always double-check what you are reading.
- These notes come from aggregating many different and amazing sources. I tried to explicitly put references to the original sources, but in case I missed something please do let me know and I'll amend it promptly.
Contact
For any question on this website, you can contact me on Twitter @lancinimarco or on marcolancini.it.