
Let's make Cloud #51: EKS Blueprints for CDK, Cloud-Native Vulnerability Assessment and Penetration Testing (VAPT), Ephemeral Kubernetes Resources with Mayfly

Hello CloudMakers!

Today we shall see:

  • EKS Blueprints for CDK

  • Cloud-Native Vulnerability Assessment and Penetration Testing (VAPT)

  • Ephemeral Kubernetes Resources with Mayfly

Enjoy!

Simplify integration of your Amazon EKS cluster with Amazon EKS Blueprints for CDK

This article discusses the recent deprecation of the Amazon Elastic Kubernetes Service (Amazon EKS) Quick Start based on AWS CloudFormation and introduces Amazon EKS Blueprints for CDK as a replacement.

Amazon EKS Blueprints for CDK offers Infrastructure as Code (IaC) modules available on GitHub, facilitating the configuration and deployment of consistent EKS clusters across different AWS accounts and Regions. It allows users to bootstrap EKS clusters with various add-ons, including both Amazon EKS add-ons and popular open-source tools, simplifying the process of setting up security controls for shared environments.

The article also covers cluster configuration options, including managed node groups, self-managed node groups, AWS Fargate, and their combinations. It explains how to work with existing clusters, import them into the blueprint, and extend their capabilities. Furthermore, the article discusses how Amazon EKS Blueprints for CDK can be used with Git-based pipelines for provisioning and maintaining clusters.

Codebreaking Clouds: Hacking Cloud Native Environments through VAPT Mastery

This article from SIGHUP explores the world of Cloud-Native VAPT (Vulnerability Assessment and Penetration Testing), discusses its types (White Box, Black Box, Hybrid), and highlights its benefits, including proactive threat detection, cost savings, enhanced reputation, and compliance.

It also touches upon Cloud Security Posture Management (CSPM) as a critical subset of VAPT, emphasizing its role in monitoring cloud infrastructure for misconfigurations and vulnerabilities.

Furthermore, the article provides practical examples of VAPT in cloud-native environments, such as assessing software development lifecycles (SDLC) and supply chains, securing Infrastructure as Code (IaC), and addressing AWS S3 misconfigurations. It also emphasizes the importance of proper Kubernetes security, particularly around the Container Runtime Interface (CRI).

Ephemeral Kubernetes Resources with Mayfly

The Mayfly Kubernetes operator allows you to create temporary resources on your Kubernetes cluster that automatically expire after a specified duration, simplifying resource management, cleanup, and organization in your cluster.

The clever aspects of Mayfly include its easy configuration: the RESOURCES environment variable specifies which resources the operator monitors and cleans up, and annotations set the expiration time for each resource, ensuring automatic deletion based on creation time.

Thank you for reading my newsletter!
