Let's make Cloud #16: SCARLETEEL cloud attack, best practices for Kubernetes in enterprises, building infrastructure and application in the same code with Klotho, computer coding as a 'woman's' job

Hello CloudMakers!

I've finally settled into my new home and am ready to continue sharing my passion for cloud computing with you. As we enter March, let's also take a moment to celebrate Women's Month and the many achievements and contributions of women in technology.

Today we shall see:

• a sophisticated cloud attack that highlights the need for advanced threat protection in the cloud

• best practices for running Kubernetes in an enterprise IT environment

• building infrastructure and application in the same code with Klotho

• BONUS: when computer coding was a 'woman's' job

Enjoy!

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

Recently, the Sysdig Threat Research Team uncovered a highly sophisticated cloud-based attack known as SCARLETEEL that infiltrated a customer's environment and resulted in the theft of proprietary data. The attackers were able to exploit a containerized workload and leverage it to perform privilege escalation into the customer's AWS account, ultimately stealing proprietary software and credentials. The attackers also attempted to pivot into other connected AWS accounts within the organization using a Terraform state file. This attack was unique in its level of sophistication and highlighted the complexity of securing cloud-based infrastructures.

Best Practices for Using Kubernetes on AWS in Enterprise IT

The adoption of containers and Kubernetes by enterprises has increased in recent years, but managing traditional Kubernetes clusters can be difficult. Amazon Web Services' Amazon EKS simplifies the process, but best practices are still needed for running Kubernetes in an enterprise IT environment.

Klotho: easy cloud-native development and adaptive architecture for modern applications

Klotho is a modular suite for modern cloud development that applies static analysis to create an adaptive architecture based on in-code annotations. You can create cloud applications, support event-driven workloads, leverage machine learning models, and expose web APIs.

Klotho's output can be added to existing infrastructure-as-code, and whenever a feature is missing, custom infrastructure-as-code can be added as needed. It automatically applies least-privileged permissions to cloud dependencies and creates or updates infrastructure-as-code to drive your application every time you run it, ensuring safe rollbacks with immutable infrastructure snapshots at every stage.

Klotho is cloud-agnostic and offers interchangeable technologies like AWS Lambda, Fargate, Kubernetes, gRPC, Linkerd, Azure/GCP, and more, which can be switched with one line of configuration.

BONUS: When Computer Coding Was a 'Woman's' Job

In the 1950s, computer coding was a relatively new and obscure field that was largely unknown to the general public. At that time, women played a crucial role in the development of computing technology, serving as "hidden figures" who performed the complex mathematical calculations necessary to program early computers. Despite their important contributions, these women were often overlooked and undervalued, with their work being overshadowed by the male-dominated culture of the time. In this article, we will explore the crucial role of women in computer coding during the 1950s and shed light on the untold stories of these groundbreaking female pioneers in the field of computing.

Thank you for reading my newsletter!

If you liked it, please invite your friends to subscribe!

If you were forwarded this newsletter and liked it, you can subscribe for free here:

Have you read an article you liked and want to share it? Send it to me and you might see it published in this newsletter!

Interested in old issues? You can find them here!