Simplifying AWS Services Access for pods with EKS Pod Identity

In November 2023, AWS announced EKS Pod Identity, a new feature to facilitate the configuration of IAM permissions for pods hosted on Amazon Elastic Kubernetes Service (EKS). Prior to this announcement, I had always been used to another method that I usually implement in my EKS clusters: IRSA, for IAM Roles for Service Accounts. The mai...

Read more

rePlay: the Cloud press review – Special Chills Edition

👻💀😱 As always, we strive to keep pace with innovation and to keep you up to date on the Cloud topics and technologies that seem most promising to us. This time, for the October roundup, in addition to having seen the Stade Toulousain the French national team get horribly eliminated in the quarter-finals of ...

Read more

5 things you may not know about AWS IAM

When it comes to AWS IAM, I recall a time, after less than 2 years of experience, when I told myself: “that’s it, I have nothing more to learn about how it works”. And since then, I learned new things and told myself the exact same thing over and over again. AWS IAM is the gift that keeps on giving, so here are the top 5 IAM facts that ...

Read more

Securing Your Terraform Deployment On AWS Via Gitlab-Ci And Vault – Part 3

How do you secure your Terraform deployment on AWS using Gitlab-CI and the Vault? In previous articles, we've looked at the problems of CI/CD deployments on the cloud, and then at how to solve these problems by using Vault to generate dynamic secrets and authenticate the Gitlab-CI pipeline. In this third and final article, we will discus...

Read more

Securing Your Terraform Deployment On AWS Via Gitlab-Ci And Vault – Part 2

As we saw in the previous article, it is difficult to authenticate a pipeline or even a Gitlab-CI job to allow secure access to our secrets in least privilege mode. HashiCorp Vault allows us to address this need in a uniform and cloud-agnostic way. Let's look at our workflow again, this time adding Vault: Initially, Vault allo...

Read more

Securing Your Terraform Deployment On AWS Via Gitlab-Ci And Vault – Part 1

In previous articles, we have seen how to use the HashiCorp Vault tool to centralise static and dynamic secrets and for Encryption as a Service. In this series of articles, we will go further and see how to secure your Terraform deployment on AWS using Gitlab-CI and the Vault tool. This first article will be dedicated to exposing the i...

Read more