Questions tagged [cloud-security]

Not a stand alone tag. Use with any relevant language, technology, project type or specific security tags. For questions related to the programming aspect of security in cloud computing. For security questions that are not specific to coding, consider looking at https://security.stackexchange.com/.


35 questions
5
votes
1 answer

AWS Config - Resource discovery stuck on "Your resources are being discovered"

My company has 2 AWS accounts. On the first (let's call it playground), I have full administrative permissions. On the second (let's call it production) I have limited IAM permissions. I enabled AWS Config (using the terraform file on the appendix) on…
3
votes
1 answer

Easiest way to list all the permissions you need in IAM for a specific task?

I work in an organization where the IAM is managed by a team and I have to ask them to add specific permissions for me to be able to perform a work. And they will never give anyone full access for a specific service, and I fully agree with that…
2
votes
2 answers

How do I handle CORS in Spring Boot Oauth2 Resource Server with password grant

Details: I am using spring boot oauth2 resource server which is giving me CORS even after trying different approaches to filter this off. How does my code look? It's a simple resource server with spring boot with spring-cloud-starter-oauth2 and…
Vikramjeet
1
vote
1 answer

How to spot public S3 buckets

I'm trying to list all the buckets with some kind of public access in an account. The question is: is my rationale correct? I first checked buckets' access block configuration: filtered_buckets = list(filter(lambda item: not…
1
vote
2 answers

Access Amazon S3 from a Java program

I have a Java program which needs to access Amazon S3 to put some files there. Please note that this Java program is running in my desktop (not in EC2). What's the best secure way to access Amazon S3 using credentials? Following are the ways I am…
SRaj
1
vote
1 answer

What would happen to ServiceAccount when we switch from Fine grain to Uniform in Google cloud

We are thinking of switching from Fine grain to Uniform in Google cloud. Not sure how the serviceaccounts would behave which are part of fine grained ACL list? Will they lose access?
dotnetavalanche
1
vote
1 answer

Google Security Command Center - relationship between ASSETS security marks vs FINDINGS security marks

After experimenting and checking the documentation on security marks, it is not clear if the assets security marks are the same security marks as the findings one. I've added a security mark in the "Assets" tab, to only go back to the "Findings" tab…
ahong
1
vote
1 answer

How to handle keys and credentials when deploying to Google Cloud Functions?

I have several cloud functions (in Python) that require a modular package auth in which there is a subfolder with credentials (containing mostly json files of Google Service Accounts files or Firebase configurations). From a security perspective,…
1
vote
0 answers

GCR service account has admin privileges

Cannot use more granular roles to google managed container registry account - service-[PROJECT_NUMBER]@containerregistry.iam.gserviceaccount.com. Not sure if anyone can shed some light on this. It seems this service account is assigned with a…
1
vote
1 answer

Why do I need to use a security solution like Centrify on GCP?

Why do I need to use a security solution like Centrify on GCP? Can I not just use Cloud Identity from Google?
user1965449
0
votes
0 answers

Looking for an API call to fetch all domain-wide delegations within my Google Admin Console

For security reasons we are looking to automate calls into Google Admin Console (Workspace) in order to fetch, once a day, all the domain-wide delegations within our Google Admin console, the call needs to provide the client ID and the scopes of…
0
votes
0 answers

Will Nessus "professional" compliance module scan the configuration of multiple EC2 instances of s3 buckets on AWS

Basically want to know if it will be enough. Going to perform a Nessus professional compliance scan for AWS with programmatic access. Will it scan the configuration of multiple buckets or virtual machines running on the account. I can see that it…
0
votes
0 answers

How to Learn NeuVector?

I am interested in NeuVector, it is a wonderful project for cloud security, but it is difficult to read its source code. Could you recommend some blogs for analyzing its source code? Thank you. I have not found any blog about NeuVector
0
votes
1 answer

Unable to parse parameter: promoteorqurantineFunctionName

I'm deploying an Azure function app as a part of security implementation into and I'm getting the above mentioned error as mentioned in Title section. Here is the PowerShell script I am running az deployment group create --name…
0
votes
1 answer

Is it possible to block malicious domains in AWS by adding them in Threat List?

I am trying to block malicious domains through AWS GuardDuty which were being queried by some of the EC2 instances. During some research I found out we can block only IP addresses by adding them in Threat list, not the domains. So, is there any…