Safeguard
Tag

aws

Safeguard articles tagged "aws" — guides, analysis, and best practices for software supply chain and application security.

67 articles

Cloud Security

Cloud Supply Chain Security Across AWS, Azure, and GCP

Each major cloud provider approaches supply chain security differently. Here's a practical comparison and what it means for multi-cloud organizations.

Feb 18, 20266 min read
Cloud Security

How to set up AWS Secrets Manager with automatic rotation

A practical guide to setting up AWS Secrets Manager with automatic rotation via Lambda, including verification steps and a comparison to Parameter Store.

Feb 14, 20267 min read
Cloud Security

GuardDuty Extended Threat Detection: What Defenders Actually Get

GuardDuty's extended threat detection correlates findings across signals into attack sequences. We dig into where it helps, where it misses, and how to wire it into supply chain incident response.

Feb 11, 20267 min read
Container Security

Fargate/ECS Container Supply Chain Pitfalls

The parts of container supply chain that break differently on AWS Fargate and ECS compared to Kubernetes, and what to do about each one in production.

Feb 6, 20267 min read
Cloud Security

AWS ECR Signing Policies with Notation

ECR now supports Notation-based image signing and trust policy enforcement. Here is how to design signing policies that survive scale and auditors.

Feb 5, 20267 min read
Cloud Security

AWS Signer with Notation: Designing a Trust Policy That Survives Contact

AWS Signer integrates with Notation for OCI image signing. The hard part is not signing — it is the trust policy that decides what gets to run. We walk through one that holds up.

Jan 28, 20267 min read
Cloud Security

AWS CodeBuild/CodePipeline Hardening in 2026

CodeBuild and CodePipeline still carry the biggest AWS supply chain blast radius per dollar. Here is how to harden them in 2026 without rewriting to a different CI.

Jan 22, 20267 min read
Cloud Security

Configuring automatic key rotation in AWS KMS

A practical, step-by-step guide to configuring AWS KMS key rotation for customer managed keys, including custom rotation periods, multi-Region keys, and monitoring.

Jan 18, 20268 min read
Buyer's Guides

Comparing IAM models across AWS, Azure, and GCP

A practical AWS vs Azure vs GCP IAM comparison of native controls, evaluation criteria, real vendor tools, and where third-party solutions fit in.

Jan 6, 20268 min read
Cloud Security

Comparing AWS Secrets Manager, Azure Key Vault, and GCP S...

A practical, no-hype comparison of AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault, and Doppler — plus how to actually evaluate one.

Jan 6, 20268 min read
Cloud Security

Terraform AWS provider misconfiguration trends

Terraform's AWS misconfiguration trends in 2026: how provider v4.0 migration gaps, wildcard IAM policies, and state drift keep exposing production infrastructure.

Nov 4, 20257 min read
Cloud Security

AWS TEAM CVE-2025-1969: Spoofed Approvals in IAM Identity Center

AWS Security Bulletin AWS-2025-004 disclosed an input validation flaw in Temporary Elevated Access Management that let users forge approvals. Here's what changed and how to harden TEAM 1.2.2.

Oct 2, 20256 min read
aws (Page 4) — Safeguard Blog