aws-security
Safeguard articles tagged "aws-security" — guides, analysis, and best practices for software supply chain and application security.
29 articles
Scanning AWS CloudFormation templates for misconfigurations
CloudFormation deploys exactly what you write, misconfigurations included. Here's how scanning catches IAM, S3, and security group errors before they ship.
Cloud misconfiguration as the top cause of cloud breaches
Capital One, Toyota, and a single Azure endpoint that leaked 65,000 companies' data all trace back to one root cause: cloud misconfiguration.
What is AWS CloudFormation Security
What is CloudFormation security? A practical breakdown of IAM least privilege, drift detection, secret scanning, and template misconfigurations that cause breaches.
How to set up AWS GuardDuty for threat detection
A step-by-step guide to enabling AWS GuardDuty across accounts and regions, routing findings to your alerting stack, and triaging results.
How to set up AWS CloudTrail logging
A step-by-step guide to setting up AWS CloudTrail logging, enabling it across all regions, validating log integrity, and building a solid audit logging setup.
How to enable MFA on an AWS root account
A step-by-step guide to enabling MFA on your AWS root account, covering virtual MFA device setup, verification commands, troubleshooting, and ongoing security best practices.
How to set up a bastion host for secure SSH access
A step-by-step guide to set up bastion host SSH access on AWS, with ProxyJump configs, security group rules, and a verification checklist for hardened jump box access.
How to configure AWS Config for continuous compliance mon...
A step-by-step guide to configure AWS Config compliance monitoring: rules setup, conformance packs, alerting, remediation, and multi-account aggregation.
Hardening Amazon EKS clusters against common attack paths
A step-by-step guide to EKS security best practices: lock down IAM, enforce pod security standards, segment networks, and verify every control.
Using AWS IAM Access Analyzer to find unused and external...
How AWS IAM Access Analyzer surfaces unused permissions and external access risk across your AWS accounts, and where native findings need extra context to prioritize.
Continuous container vulnerability scanning with Amazon I...
How Amazon Inspector's continuous container scanning actually works, where Inspector vs Trivy differs, and the ECR blind spots teams need to cover.
Comparing confidential VM offerings across major cloud pr...
A practical comparison of confidential virtual machines across Azure, AWS Nitro Enclaves, GCP confidential compute, and more -- real strengths, real limitations, no marketing gloss.