One of the cool new features of AWS SSO is the ability to pass user attributes, also known as session tags. This can be very useful for Attribute-Based Access Control (ABAC), as described in the previous article. Another useful case is using the SSMSessionRunAs tag to specify which credentials an AWS Systems Manager Session Manager session is launched with. This allows for better security, because the default user “ssm-user” has full administrative privileges on the target instance.
Month: December 2020
pgSilo Extension: Enhance your PostgreSQL security and isolation
pgSilo is a new PostgreSQL extension that aims to provide better security and isolation by confining PostgreSQL back-end sessions into silos. Every PostgreSQL cluster will be split into many silos, with at most one silo per database. The aim is to provide better native security when deploying PostgreSQL. A compromised process connected to database A (Silo A) will not be able to affect database B (Silo B) in the same cluster or in another database cluster on the same host machine. That’s the ultimate objective, but we are still far from that!
pgSilo is still in active development and there is still a lot to do, but I decided to share it at this early stage to get feedback and, of course, contributions. Here is a glimpse of what the current Pre-ALPHA release can do:
