aws-security
Safeguard articles tagged "aws-security" — guides, analysis, and best practices for software supply chain and application security.
29 articles
The AWS migration security checklist: IAM, encryption, and network segmentation
A misconfigured WAF and an over-permissioned IAM role exposed 106 million records in 2019 — here's the checklist that prevents a repeat during your AWS migration.
The AWS misconfiguration cheat sheet: public S3, open IAM, and open security groups
Three misconfigurations — public S3 buckets, over-permissioned IAM roles, and 0.0.0.0/0 security groups — keep causing breaches. Here's the CLI to find and fix each one.
The 2026 AWS Security Checklist: Account, IAM, Network, and Data Controls
One SSRF call against an unpatched WAF and a permissive IAM role were enough to expose 106 million Capital One records in 2019 — here's the checklist that stops it.
The most common AWS misconfigurations in 2026, with detection commands
Public S3 buckets, wildcard IAM policies, and 0.0.0.0/0 security groups remain the top three AWS findings — here's how to detect each with native tools.
High-profile AWS breaches: lessons learned
Capital One's 2019 breach exposed 106 million records through a single SSRF call to the EC2 metadata service — here's the exact control that would have stopped it.
AWS Security Best Practices for 2026
A practical, code-backed walkthrough of the AWS security controls that actually reduce breach risk in 2026 — identity, data, network, and infrastructure-as-code.
Top AWS security misconfigurations and how to fix them
A practical AWS misconfigurations cheat sheet — IAM, S3, security groups, logging, and snapshots — with real breach data and exact fixes.
The AWS shared responsibility model explained
AWS secures the cloud; you secure what's in it. Here's exactly where that line falls across EC2, RDS, Lambda, and EKS -- with real breach examples.
How to secure an Amazon S3 bucket
S3 misconfigurations have caused breaches from Verizon to Pegasus Airlines. Here's what actually secures a bucket—defaults, policies, encryption, and monitoring that hold.
AWS IAM permissions boundaries best practices
How AWS IAM permissions boundaries cap delegated identities, differ from SCPs, and where teams get privilege escalation wrong.
Scanning Terraform code for security misconfigurations
Public S3 buckets, open security groups, and wildcard IAM policies are the recurring Terraform mistakes behind most cloud breaches — here's how to catch them before apply.
Managing Terraform state file security risks
Terraform state files store database passwords, IAM keys, and private keys in plaintext. Here's how they leak, why encryption alone won't save you, and how to lock them down.