Skip to main content

· 4 min read

AWS SSO makes it easy to centrally manage SSO Access to multiple AWS accounts, moves the authentication to the IdP (Identity Provider) and removes the need for managing static, long-lived credentials.

AWS CLI added support for SSO late 2019 so you can use it seamlessly in your developer workflow from the CLI without going to the developers portal every time and paste short-lived credentials to the console.

· 5 min read

The Log4shell (log4j) vulnerability (CVE-2021-44228) emphasized more than ever the importance of setting network controls & policies not only on inbound traffic but also on outbound traffic.

In this blog we will go through:

  • What are the requirements for log4j exploitability?
  • What are the possible ways to expose different AWS resources to the internet via outbound access?.
  • How to find resources unrestricted outbound with CloudQuery open-source cloud asset inventory. This will help both to prioritize updates in the current situation as well as help apply network best practices in general.

· 3 min read

CloudQuery policies gives you a powerful way to automate, customize, codify, and run your cloud security & compliance continuously with HCL and SQL. In this blog we will show you how to run our open-source AWS PCI DSS (Payment Card Industry Data Security Standard) compliance policy. Official PCI DSS Guide is available here.

· 3 min read

This feature was deprecated, see blog post.

Today we are excited to announce the release of CloudQuery History in alpha! CloudQuery History adds TimescaleDB support to give users the ability to track their complete cloud asset inventory snapshots over time!

Achieving better visibility into your cloud infrastructure is key in maintaining security, compliance, cost and operational efficiency, and this is why we started CloudQuery in the first place. Maintaining a historical record of your cloud infrastructure configuration is an integral part of your cloud environment lifecycle.

· 4 min read

[Originally posted at]

I have recently discovered a tool that in different scenarios, especially in the inventory, can be useful to us. It's called CloudQuery and it allows you to export the data of the resources of your subscriptions, from the different cloud providers, to be able to execute queries on it by launching SQL statements, since the result is stored in a Postgres. In this article I tell you how to configure it for Microsoft Azure.