Safeguard
Tag

cloud-security

Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.

290 articles

Container Security

How to enable and configure Amazon ECR image scanning for...

A step-by-step guide to enabling AWS ECR image scanning, from basic vs. enhanced scanning and scan-on-push to CI/CD gating, finding triage, and troubleshooting.

Jan 21, 20267 min read
Cloud Security

Best practices for implementing least-privilege IAM polic...

A practical guide to designing least-privilege IAM policies in AWS: permission boundaries, policy patterns, and habits that keep access tight as teams scale.

Jan 21, 20267 min read
Cloud Security

Automating secret rotation with AWS Secrets Manager

A step-by-step guide to configuring AWS Secrets Manager rotation for RDS credentials, deploying the rotation Lambda function, and verifying it actually works.

Jan 20, 20268 min read
Container Security

Hardening Amazon EKS clusters against common attack paths

A step-by-step guide to EKS security best practices: lock down IAM, enforce pod security standards, segment networks, and verify every control.

Jan 20, 20268 min read
DevSecOps

Securing AWS CodePipeline and CodeBuild against supply ch...

CodePipeline and CodeBuild sit where code, secrets, and compute converge unattended — here's where supply chain attacks actually enter and how to close the gaps.

Jan 20, 20267 min read
Cloud Security

Using AWS IAM Access Analyzer to find unused and external...

How AWS IAM Access Analyzer surfaces unused permissions and external access risk across your AWS accounts, and where native findings need extra context to prioritize.

Jan 19, 20266 min read
Cloud Security

How AWS STS temporary credentials reduce long-lived key risk

Long-lived AWS keys sit in code and CI logs for years. AWS STS temporary credentials expire automatically, shrinking the window attackers have to exploit a leak.

Jan 19, 20268 min read
Cloud Security

Configuring automatic key rotation in AWS KMS

A practical, step-by-step guide to configuring AWS KMS key rotation for customer managed keys, including custom rotation periods, multi-Region keys, and monitoring.

Jan 18, 20268 min read
Cloud Security

Setting up OIDC federation between GitHub Actions and AWS...

A step-by-step guide to setting up AWS OIDC GitHub Actions federation, from IAM provider setup to scoped trust policies, so CI/CD pipelines never need long-lived AWS keys.

Jan 17, 20267 min read
Cloud Security

Common AWS IAM misconfigurations that lead to breaches

Capital One and Code Spaces both fell to AWS IAM misconfigurations, not novel exploits. Here's how overly permissive policies and privilege escalation paths cause real breaches.

Jan 17, 20268 min read
Cloud Security

Best practices for rotating secrets stored in Azure Key V...

A practical, step-by-step guide to Azure Key Vault secret rotation best practices, covering rotation policies, automation, and expiration alerts.

Jan 17, 20269 min read
Cloud Security

Using Azure AD Workload Identity Federation to remove sec...

How Azure Workload Identity Federation lets AKS and CI workloads swap Azure AD access tokens without ever storing a client secret—and how to migrate safely.

Jan 16, 20267 min read
cloud-security (Page 17) — Safeguard Blog