cloud-security
Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.
290 articles
How to enable and configure Amazon ECR image scanning for...
A step-by-step guide to enabling AWS ECR image scanning, from basic vs. enhanced scanning and scan-on-push to CI/CD gating, finding triage, and troubleshooting.
Best practices for implementing least-privilege IAM polic...
A practical guide to designing least-privilege IAM policies in AWS: permission boundaries, policy patterns, and habits that keep access tight as teams scale.
Automating secret rotation with AWS Secrets Manager
A step-by-step guide to configuring AWS Secrets Manager rotation for RDS credentials, deploying the rotation Lambda function, and verifying it actually works.
Hardening Amazon EKS clusters against common attack paths
A step-by-step guide to EKS security best practices: lock down IAM, enforce pod security standards, segment networks, and verify every control.
Securing AWS CodePipeline and CodeBuild against supply ch...
CodePipeline and CodeBuild sit where code, secrets, and compute converge unattended — here's where supply chain attacks actually enter and how to close the gaps.
Using AWS IAM Access Analyzer to find unused and external...
How AWS IAM Access Analyzer surfaces unused permissions and external access risk across your AWS accounts, and where native findings need extra context to prioritize.
How AWS STS temporary credentials reduce long-lived key risk
Long-lived AWS keys sit in code and CI logs for years. AWS STS temporary credentials expire automatically, shrinking the window attackers have to exploit a leak.
Configuring automatic key rotation in AWS KMS
A practical, step-by-step guide to configuring AWS KMS key rotation for customer managed keys, including custom rotation periods, multi-Region keys, and monitoring.
Setting up OIDC federation between GitHub Actions and AWS...
A step-by-step guide to setting up AWS OIDC GitHub Actions federation, from IAM provider setup to scoped trust policies, so CI/CD pipelines never need long-lived AWS keys.
Common AWS IAM misconfigurations that lead to breaches
Capital One and Code Spaces both fell to AWS IAM misconfigurations, not novel exploits. Here's how overly permissive policies and privilege escalation paths cause real breaches.
Best practices for rotating secrets stored in Azure Key V...
A practical, step-by-step guide to Azure Key Vault secret rotation best practices, covering rotation policies, automation, and expiration alerts.
Using Azure AD Workload Identity Federation to remove sec...
How Azure Workload Identity Federation lets AKS and CI workloads swap Azure AD access tokens without ever storing a client secret—and how to migrate safely.