Chapter 3. Getting Started with Serverless Security

In this chapter, we will have our initial discussion on serverless security. In addition to this, I’ll discuss how Identity and Access Management (IAM) works in the cloud and the concepts are defined and implemented on AWS, Azure, and GCP. Finally, I will dive a bit deeper into the guidelines when performing penetration testing activities inside cloud environments.

Introduction to Serverless Security

In order to understand the scope of serverless security, it is important for us to be aware of the shared responsibility model promoted by the cloud platforms. While there may be a few minor differences in how this is implemented across AWS, Azure, and GCP, the core principles generally remain consistent. For one thing, regardless of the type of deployment and usage of cloud resources, the cloud account owner always is responsible for the data, endpoints, account, and access management ...

Get Learning Serverless Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Learning Serverless Security by Joshua Arvin Lat

Chapter 3. Getting Started with Serverless Security

Introduction to Serverless Security

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly