During one of our recent AWS Security Reviews, I ran across an interesting technique that attackers can use to create a backdoor in AWS accounts. It works by using three S3 IAM actions, CloudFormation, and an administrator who is not careful enough. This vector is not new but still scary - and today, I will show you how to check your account for this risk and any previous compromises.
How to: CloudFormation Makro CloudFormation vermisst gegenüber Terraform einige Funktionen, die das Erstellen von Infrastruktur vereinfachen können. Das ist grundsätzlich korrekt, allerdings gibt es in CloudFormation die Möglichkeit, sich selber um den Ei
Cloudformation as a description language With AWS CloudFormation, (almost) all AWS service can be described in a configuration language. This enables scripting of AWS infrastructure. Thus, AWS resources are well documented. The templates can also be store
Cloudformation als Beschreibungssprache Mit AWS CloudFormation lassen sich (fast) alle AWS Dienst in einer Konfigurationssprache beschreiben. Das ermöglicht Scripten von AWS-Infrastruktur. So sind die AWS Ressourcen gut dokumentiert. Die Templates können
CloudFormation does not cover all AWS Resource types. Terraform does a better job in covering resource types just in time. So if you want to use a resource type which CloudFormation does not support yet, but you want to use CloudFormation, you have to bui
Hier der Link zu einem PDF mit 10 kleinen Tipps im Umgang mit CloudFormation: 10 tips when using CloudFormation