Safeguard
Tag

iam

Safeguard articles tagged "iam" — guides, analysis, and best practices for software supply chain and application security.

36 articles

Cloud Security

How to enable MFA on an AWS root account

A step-by-step guide to enabling MFA on your AWS root account, covering virtual MFA device setup, verification commands, troubleshooting, and ongoing security best practices.

Feb 15, 20268 min read
Cloud Security

How to set up AWS Secrets Manager with automatic rotation

A practical guide to setting up AWS Secrets Manager with automatic rotation via Lambda, including verification steps and a comparison to Parameter Store.

Feb 14, 20267 min read
Cloud Security

GCP Cloud Build + Workload Identity Federation

Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.

Feb 1, 20267 min read
Cloud Security

Setting up OIDC federation between GitHub Actions and AWS...

A step-by-step guide to setting up AWS OIDC GitHub Actions federation, from IAM provider setup to scoped trust policies, so CI/CD pipelines never need long-lived AWS keys.

Jan 17, 20267 min read
Cloud Security

Managing and securing GCP service account keys

A practical, step-by-step guide to GCP service account key security: disable key creation, adopt impersonation, rotate remaining keys, and monitor for misuse.

Jan 11, 20268 min read
Cloud Security

Using GCP organization policy constraints to enforce secu...

GCP organization policy security constraints turn security intent into enforceable guardrails across your resource hierarchy, closing gaps IAM alone cannot.

Jan 10, 20268 min read
Buyer's Guides

Comparing IAM models across AWS, Azure, and GCP

A practical AWS vs Azure vs GCP IAM comparison of native controls, evaluation criteria, real vendor tools, and where third-party solutions fit in.

Jan 6, 20268 min read
Cloud Security

Cloud Cyber Security: The Fundamentals Teams Skip

The cloud cyber security fundamentals teams reliably skip — identity sprawl, misconfigured storage, and compliance standards treated as a checkbox instead of a control.

Aug 14, 20255 min read
Container Security

Startups vs Enterprises: Why Smaller Cloud Footprints Are...

Smaller cloud footprints feel safer, but startups often face a higher per-workload security incident rate than enterprises. Here's why size is the wrong safety proxy.

Aug 4, 20258 min read
Vulnerability Management

AWS Service-Linked Role Abuse Techniques, 2025

Service-linked roles are the soft underbelly of AWS IAM. We catalogue the 2024-2025 abuse primitives and the detection queries that catch them.

Apr 28, 20255 min read
Best Practices

AWS IAM Roles Anywhere and the Supply Chain

IAM Roles Anywhere lets workloads outside AWS assume IAM roles using X.509 certificates. It is also becoming the authentication layer for supply chain tools. Here is what the threat model looks like.

Nov 5, 20248 min read
Best Practices

AWS Step Functions Workflow Security

Step Functions workflows orchestrate everything from data pipelines to security automations. The workflow IAM role is almost always the most powerful thing in the stack. Here is how to lock it down.

Aug 10, 20247 min read
iam (Page 3) — Safeguard Blog