aws
Safeguard articles tagged "aws" — guides, analysis, and best practices for software supply chain and application security.
67 articles
Cloud Supply Chain Security Across AWS, Azure, and GCP
Each major cloud provider approaches supply chain security differently. Here's a practical comparison and what it means for multi-cloud organizations.
How to set up AWS Secrets Manager with automatic rotation
A practical guide to setting up AWS Secrets Manager with automatic rotation via Lambda, including verification steps and a comparison to Parameter Store.
GuardDuty Extended Threat Detection: What Defenders Actually Get
GuardDuty's extended threat detection correlates findings across signals into attack sequences. We dig into where it helps, where it misses, and how to wire it into supply chain incident response.
Fargate/ECS Container Supply Chain Pitfalls
The parts of container supply chain that break differently on AWS Fargate and ECS compared to Kubernetes, and what to do about each one in production.
AWS ECR Signing Policies with Notation
ECR now supports Notation-based image signing and trust policy enforcement. Here is how to design signing policies that survive scale and auditors.
AWS Signer with Notation: Designing a Trust Policy That Survives Contact
AWS Signer integrates with Notation for OCI image signing. The hard part is not signing — it is the trust policy that decides what gets to run. We walk through one that holds up.
AWS CodeBuild/CodePipeline Hardening in 2026
CodeBuild and CodePipeline still carry the biggest AWS supply chain blast radius per dollar. Here is how to harden them in 2026 without rewriting to a different CI.
Configuring automatic key rotation in AWS KMS
A practical, step-by-step guide to configuring AWS KMS key rotation for customer managed keys, including custom rotation periods, multi-Region keys, and monitoring.
Comparing IAM models across AWS, Azure, and GCP
A practical AWS vs Azure vs GCP IAM comparison of native controls, evaluation criteria, real vendor tools, and where third-party solutions fit in.
Comparing AWS Secrets Manager, Azure Key Vault, and GCP S...
A practical, no-hype comparison of AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault, and Doppler — plus how to actually evaluate one.
Terraform AWS provider misconfiguration trends
Terraform's AWS misconfiguration trends in 2026: how provider v4.0 migration gaps, wildcard IAM policies, and state drift keep exposing production infrastructure.
AWS TEAM CVE-2025-1969: Spoofed Approvals in IAM Identity Center
AWS Security Bulletin AWS-2025-004 disclosed an input validation flaw in Temporary Elevated Access Management that let users forge approvals. Here's what changed and how to harden TEAM 1.2.2.