aws
Safeguard articles tagged "aws" — guides, analysis, and best practices for software supply chain and application security.
67 articles
Designing tamper-evident CloudTrail logging across an AWS organization
AWS CloudTrail's default event history holds only 90 days. A centralized, hash-validated org trail is what actually survives an incident or an audit.
The S3 bucket security hardening checklist
AWS blocked public access by default in April 2023, yet misconfigured buckets still leak data — here's a concrete checklist and Terraform to close the gaps.
AWS secure REST API vs. S3: where shared responsibility actually splits
S3 buckets are private by default — every public leak is a customer misconfiguration. Capital One's 2019 breach of 106 million records proves the boundary.
The AWS Shared Responsibility Model, Explained With Real Examples
AWS secures the cloud; you secure what's in it. Most breaches — like the thousands of exposed public S3 buckets found every year — happen entirely on the customer's side of that line.
DevSecOps on AWS: a reference architecture for CI/CD security gates
Amazon Inspector, CodePipeline manual approvals, and SLSA v1.0 (April 2023) give you the primitives — but nobody ships them wired together as one gated pipeline.
The S3 bucket security checklist every AWS team needs
AWS made Block Public Access the default for new S3 buckets in April 2023 — but the Capital One breach exposed 106 million records through IAM, not a bucket setting.
The most common infrastructure-as-code security risks, with Terraform examples
AWS S3 buckets are private by default, yet public-bucket findings still top every cloud posture scan — because Terraform's own access-block resource defaults to open.
AWS S3 Bucket Security: The Complete 2026 Guide
S3 is the single most common source of cloud data leaks. This guide covers block public access, encryption, bucket policies, and how to enforce all three in Terraform.
Terraform Security Best Practices: Hardening Your IaC in 2026
Terraform provisions your entire cloud, which makes it your largest attack surface as code. Here are the practices that keep state, modules, and providers from becoming the breach.
Cloud Security for Beginners: Your First Steps in the Cloud
The cloud gives you enormous power with a few clicks, and that includes the power to expose data by accident. Here is a warm, beginner-friendly guide with a first check you can run on your own account today.
What Is CSPM? Cloud Security Posture Management Explained
A clear, vendor-neutral explanation of Cloud Security Posture Management — what CSPM does, where it fits, its blind spots, and how build-time scanning complements it.
Cloud Misconfiguration Prevention: Stop Breaches Before They Ship
Misconfiguration is the leading cause of cloud breaches, and it has no CVE and no patch. Here's a taxonomy of the common ones and a shift-left playbook to prevent them.