
Security: x86txt/tipsntricks

security.md

high-level security precautions for various cloud environments and products

Common Usage, i.e. "Security 101"

  • always put in the effort to minimally scope account, policy, role, or token privilege [1]
  • create a limited USER in your Dockerfile and switch to it with the USER command [2]

    ```dockerfile
    # create an unprivileged system group and user with a fixed UID/GID and no login shell
    RUN groupadd -r appuser -g 433 && \
        useradd -u 431 -r -g appuser -s /sbin/nologin -c "Docker image user" appuser

    # stay root only for the steps that genuinely need it
    USER root
    RUN  somecommand.sh     # command that needs root
    RUN  anothercommand.sh  # another command that needs root

    # switch to the limited user; every later instruction and the container runtime run as appuser
    USER appuser
    ```

AWS

General

ALB:

  • check that encryption is enabled

Fargate:

  • create security group for cluster service that only allows traffic to the service from the ALB security group

  • quick httpstats module for connection request timing

ECR:

  • enable tag immutability to prevent images being overwritten
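The two AWS items above (a Fargate service security group that admits traffic only from the ALB security group, and an ECR repository with tag immutability) expressed as Terraform. This is an added example, not configuration from the tipsntricks repo; the resource names, the 443/8080 ports and the vpc_id variable are assumed placeholders.

```hcl
# Added example, not code from the tipsntricks repo. Names, ports and the vpc_id variable are assumed placeholders.
variable "vpc_id" {}                         # assumed: VPC hosting the ALB and the Fargate tasks
variable "container_port" { default = 8080 } # assumed: port the task container listens on

# ALB security group: the only thing that accepts traffic from the internet.
resource "aws_security_group" "alb" {
  name   = "example-alb-sg"
  vpc_id = var.vpc_id
  ingress {
    description = "HTTPS from the internet"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Fargate service security group: no CIDR-based ingress at all; the container
# port is reachable only from the ALB's security group.
resource "aws_security_group" "service" {
  name   = "example-fargate-service-sg"
  vpc_id = var.vpc_id
  ingress {
    description     = "Container port, from the ALB security group only"
    from_port       = var.container_port
    to_port         = var.container_port
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ECR repository with tag immutability: pushing an existing tag is rejected,
# so a released image cannot be silently replaced.
resource "aws_ecr_repository" "app" {
  name                 = "example-app"
  image_tag_mutability = "IMMUTABLE"
}
```

Attach `aws_security_group.alb` to the load balancer and `aws_security_group.service` to the ECS service's network configuration; anything that is not the ALB is then dropped before it reaches the task.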

SES:

Github

Footnotes

  1. https://en.wikipedia.org/wiki/Principle_of_least_privilege

  2. Docker USER reference

  3. Github's Official Guidance
