Welcome to CloudSecDocs

TL;DR

CloudSecDocs is a website collecting technical notes, how-tos, and cheatsheets related to cloud-native technologies (not only security-focused), hand curated by Marco Lancini.

The Rationale

For the past few years, I've been collecting information as I was getting accustomed to DevOps concepts, Docker, Kubernetes, and the main cloud providers (AWS, GCP, and Azure). Now, I've decided to make these notes public for everyone to consult.

For (slightly) more details on how CloudSecDocs came to be, you can read the companion blog post: "Introducing CloudSecDocs.com".

Some sections are still work in progress

Just an FYI: for some topics I have additional content which I haven't got to process and categorise yet. In particular, more material for the following topics will be added in the upcoming weeks/months:

  • IAM: information, best practices, and tutorials on AWS/GCP/K8s IAM
  • Monitoring: everything related to security monitoring and alerting
  • Incident response: think about containment, forensics, etc.
  • Istio: how does it work and how to secure it

Additionally, I envision this website to integrate closely with CloudSecList, as every week I'll add the more interesting articles back here.

The Structure

This website is currently composed of 8 main sections (as shown in the table below), each containing my personal notes on that specific topic:

| Section | Content |
|---|---|
| Containers | Docker & Kubernetes fundamentals, architecture, sample apps, usage |
| Container Security | Theory beyond Docker & Kubernetes security, Offensive security & Pentest resources, Devops resources (secure deployment, supply chain, monitoring, tooling, etc.) |
| Devops | SDLC, tooling, design & processes |
| AWS | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
| Azure | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
| GCP | Services overview, Offensive security & Pentest resources, Devops resources (best practices, tooling, etc.) |
| Kafka | Security & tooling |
| Culture & Engineering | Security programs, engineering decisions, organizational structures, management |

Disclaimer

As mentioned, these are my personal notes, collated and made available for everyone to reference. Hence, I would like to highlight some points:

  • These notes *might* contain errors, so please always double-check what you are reading.
  • These notes come from aggregating many different and amazing sources. I tried to explicitly put references to the original sources, but in case I missed something please do let me know and I'll amend it promptly.

Contact

For any question on this website, you can contact me on Twitter @lancinimarco or on marcolancini.it.