Posts by

Becki Lee

Locking Down the Security of AWS IAM

Becki Lee February 8, 2021

This post is based on the Fugue's Cloud Security Masterclass series focused on AWS IAM security.

Read More

Cloud Network Security 101: Azure Service Endpoints vs. Private Endpoints

Becki Lee October 8, 2020

Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure Private Endpoints (powered by Azure Private Link) both promote network security by allowing VNet traffic to communicate with service resources without going over the internet, but there are some differences. This three-part blog series goes into detail about both services.

Read More

Cloud Network Security 101: Azure Private Link & Private Endpoints

Becki Lee September 25, 2020

Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure Private Endpoints (powered by Azure Private Link) both promote network security by allowing VNet traffic to communicate with service resources without going over the internet, but there are some differences. This three-part blog series goes into detail about both services.

Read More

Cloud Network Security 101: Azure Virtual Network Service Endpoints

Becki Lee September 17, 2020

Microsoft Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure Private Endpoints (powered by Azure Private Link) both promote network security by allowing VNet traffic to communicate with service resources without going over the internet, but there are some differences.

Read More

Cloud Security in CI/CD Part II: Terraform and Regula for Infrastructure as Code Validation

Becki Lee March 12, 2020

In part 1 of this walkthrough, we set up a CI/CD pipeline to define, commit, deploy, and secure infrastructure as code. To recap, here are the components:

Read More

Cloud Security in CI/CD Part I: Terraform, Github, CircleCI, and Fugue

Becki Lee March 2, 2020

Fugue allows you to easily and programmatically validate your cloud infrastructure for security and compliance. By integrating Fugue into your CI/CD pipeline, you can detect resource misconfiguration and compliance violations as part of every deployment.

Read More

Pre-deployment Policy Checks for Terraform using Open Policy Agent and Regula

Becki Lee February 6, 2020

We recently open sourced our tool Regula, which allows you to check your Terraform infrastructure as code for compliance prior to deployment. Regula can be used locally or as part of a CI/CD system, independently of Fugue or with Fugue.

Read More

Interactively Debugging the Rego Policy Language with Fregot

Becki Lee November 26, 2019

Fugue performs more than 100 million policy validations a day in order to identify compliance violations for cloud infrastructure environments at scale. These policy-as-code validations are written in Rego, the policy language for the Open Policy Agent (OPA) engine. To enhance the process of writing and debugging Rego policies, we recently open-sourced fregot, the Fugue Rego Toolkit. You can think of fregot as an alternative to OPA's built-in interpreter -- the REPL allows you interactively debug Rego code with easy-to-understand error messages, and you can evaluate expressions and test policies. Read more about it in our blog post here.

Read More

Cloud Network Security 101: AWS Security Groups vs NACLs

Becki Lee September 19, 2019

In part two of the Cloud Network Security blog series, we will discuss two methods of securing your network within Amazon Web Services: security groups and network access control lists (NACLs). Both resource types act as a virtual firewall to protect your network, and they have some similarities. For example, security groups and NACLs both use sets of inbound and outbound rules to control traffic to and from resources in a VPC.

Read More

Cloud Network Security 101: AWS VPC Endpoints

Becki Lee September 12, 2019

Network security is critical to operating in the cloud. There are many different ways you can secure your network, but the best approach is to layer multiple methods. The more layers implemented in your security, the harder it is for malicious actors to access your network.

Read More