iam
Safeguard articles tagged "iam" — guides, analysis, and best practices for software supply chain and application security.
36 articles
How to enable MFA on an AWS root account
A step-by-step guide to enabling MFA on your AWS root account, covering virtual MFA device setup, verification commands, troubleshooting, and ongoing security best practices.
How to set up AWS Secrets Manager with automatic rotation
A practical guide to setting up AWS Secrets Manager with automatic rotation via Lambda, including verification steps and a comparison to Parameter Store.
GCP Cloud Build + Workload Identity Federation
Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.
Setting up OIDC federation between GitHub Actions and AWS...
A step-by-step guide to setting up AWS OIDC GitHub Actions federation, from IAM provider setup to scoped trust policies, so CI/CD pipelines never need long-lived AWS keys.
Managing and securing GCP service account keys
A practical, step-by-step guide to GCP service account key security: disable key creation, adopt impersonation, rotate remaining keys, and monitor for misuse.
Using GCP organization policy constraints to enforce secu...
GCP organization policy security constraints turn security intent into enforceable guardrails across your resource hierarchy, closing gaps IAM alone cannot.
Comparing IAM models across AWS, Azure, and GCP
A practical AWS vs Azure vs GCP IAM comparison of native controls, evaluation criteria, real vendor tools, and where third-party solutions fit in.
Cloud Cyber Security: The Fundamentals Teams Skip
The cloud cyber security fundamentals teams reliably skip — identity sprawl, misconfigured storage, and compliance standards treated as a checkbox instead of a control.
Startups vs Enterprises: Why Smaller Cloud Footprints Are...
Smaller cloud footprints feel safer, but startups often face a higher per-workload security incident rate than enterprises. Here's why size is the wrong safety proxy.
AWS Service-Linked Role Abuse Techniques, 2025
Service-linked roles are the soft underbelly of AWS IAM. We catalogue the 2024-2025 abuse primitives and the detection queries that catch them.
AWS IAM Roles Anywhere and the Supply Chain
IAM Roles Anywhere lets workloads outside AWS assume IAM roles using X.509 certificates. It is also becoming the authentication layer for supply chain tools. Here is what the threat model looks like.
AWS Step Functions Workflow Security
Step Functions workflows orchestrate everything from data pipelines to security automations. The workflow IAM role is almost always the most powerful thing in the stack. Here is how to lock it down.