Let’s face it — containers and Kubernetes are eating the stack and have become the de facto standard for microservices architecture. A number of limitations exist in the container life-cycle:
Hence it’s imperative to secure this journey in the best possible manner. Below are some high-level precautions and necessary steps to undertake as you embark on this journey.
1. BUILD Phase: Security starts with…
Cloud native design thinking has taken the world by storm, and it is definitely the new standard for modern application development. This usually translates to the use of the popular Docker and Kubernetes platforms, with a service mesh architecture provided by Istio.
The security of your workloads and data is a key consideration as you manage clusters in managed services such as Azure Kubernetes Service (AKS). For example, a day-zero task would be to secure the associated resources running in a multi-tenant cluster that relies on logical isolation.
Below, we take a look at some of the security concerns, key considerations…
The future is already here, but it’s not evenly distributed — William Gibson
Cloud computing was never meant to be vendor-locked, but over the years it has certainly been leaning that way. I firmly believe in a multi-hybrid cloud future and make a conscious decision to be at least aware of the prominent developments and releases from the top 3 (AWS, Azure, GCP) in this space. To be honest, OCI was not even on my radar, as I consider it to be a laggard (things may change soon).
Full Disclosure: I’m a full-time developer who enjoys systems, networking and security, and not from a DevOps/SysOps background.
Although this is an associate-level certification, it is advisable to have cleared either the Solutions Architect (Associate) or the Developer (Associate) exam before attempting this one.
Having said that, below is the list of resources, tutorials, practice tests and reference materials I used for preparation.
1. Understand the concepts from the AWS Well-Architected Framework, as knowing the right definitions will do wonders for a fundamental grasp of AWS services and the cloud in general.
Before I begin sharing my study strategy and exam prep tips, let me take this opportunity to give a huge shout-out to the folks at CNCF for doing a fantabulous job devising such a practical, hands-on certification compared to MCQ-format examinations. It’s also doubly sweet that I cleared it without having to step out of the comfort of my home, with the Corona pandemic sweeping across the world. Truly visionary indeed!
I have categorized the resources I used to clear the CKAD certification as Generic References, Specific Materials and Practice Areas for easy…
The default security settings of Amazon Linux 2 may not be the strictest. In this brief write-up, I will try to explain how a couple of these configs can be hardened from a security perspective. Let’s get started…
It’s always a great feeling when you achieve something new, and doubly sweet when it’s a little challenging. This was precisely what I felt when I cleared my Professional Cloud Security Engineer (PCSE) certification from Google Cloud this week. I thought I’d pen an article on the resources, materials and tutorials I followed in achieving this.
*** YOUR MILEAGE MAY VARY ***
1. Familiarize yourself with the Official Exam Guide. This is a great way to understand the topics covered in the exam and will help you gauge where you stand before beginning your preparation.
Managing Advanced Permissions:
You can find Part 1 of this series here.
There are three advanced permissions — set user ID (SUID), set group ID (SGID) and the sticky bit. Let’s look at each of these permissions in detail:
Sometimes a user needs elevated permissions only to execute a certain task (e.g. changing their own password). This requires writing to the /etc/shadow file, which is write-protected against users without root permissions. SUID comes in handy in these situations: the utility used to change one’s password (/usr/bin/passwd) has it enabled by default, so it runs with the privileges of its owner (root) rather than those of the invoking user.
Here’s the output of ls -l…
Linux file and directory permissions can be broken down into three groups, each holding three permissions (read, write and execute), for three types of principal (user, group and others).
There’s also an additional leading column that indicates whether the entry is a directory or a link.