5 Critical AWS Security Misconfigurations (2026 Edition) – How to Find & Fix Them
Five AWS misconfigurations still causing breaches in 2026 — includes fixes for public S3 buckets, over-permissive IAM, open security groups, and missing monitoring.
AmazonSSMManagedInstanceCore: Full Policy Breakdown
Full breakdown of every permission in the AmazonSSMManagedInstanceCore IAM policy, plus a least-privilege custom alternative for production EC2 instances.
AWS Incident Response: 5 Scenarios & How to Contain Them
Five real-world AWS incident response scenarios with detection signals, containment steps, CLI commands, and automation examples. Practical guide for security teams.
AWS Security Checklist 2026: 30+ Controls for IAM, EC2 & S3
A step-by-step checklist to secure your AWS account in 2026 — includes IAM hardening, S3 lockdown, logging, and budget alerts. Beginner to intermediate friendly.
EKS Security Best Practices: Hardening Your Cluster
10 actionable EKS security best practices covering IAM integration, RBAC, network policies, pod security, image scanning, secrets management, and node hardening.
IAM Users Are Dead: Modern AWS Access Control for 2026
Stop using IAM users in AWS. This guide explains why they’re risky and how to migrate to Identity Center, STS, and OIDC-based access — step-by-step.
Meeting CIS Benchmarks for EC2: A Practical Guide
How to map, audit, and automate CIS Benchmark compliance for EC2 instances using AWS Config, Security Hub, SSM, and open-source scanners.
EKS Security: Monitoring, Audit Logs & Runtime Detection
How to monitor EKS for security threats using CloudWatch, GuardDuty, audit logs, and Falco. Covers AWS-native tools, open-source options, and best practices.
eJPTv2: Prep Strategy, Resources & Honest Review
For the past years, most of my focus has been on cloud security — hardening AWS environments, responding to incidents, and making sure access is tightly controlled. But lately, I’ve felt the urge to explore a different side of the equation: ethical hacking. That’s why I’ve decided to take the eJPTv2 (Junior Penetration Tester) certification. This post is a mix of personal motivation, my preparation strategy, and how I see pentesting tying directly back into the work I’ve done in AWS and incident response. ...
IDOR Vulnerabilities in AWS APIs: How to Find & Prevent Them
Deep dive into IDOR vulnerabilities with real AWS API examples, bug bounty cases, and prevention strategies for Lambda, API Gateway, and internal tooling.
Amazon GuardDuty Setup: Findings, Alerts & SIEM Integration
Set up Amazon GuardDuty from scratch: enable the service, understand finding severity, configure alerts via EventBridge, and integrate with SIEM systems.
Detect AWS IAM Privilege Escalation with CloudTrail
Set up AWS-native detection for privilege escalation using CloudTrail, EventBridge, and minimal infrastructure. Real API patterns and alerting included.
Hardened Amazon Linux 2 AMI with EC2 Image Builder
Step-by-step guide to build a hardened Amazon Linux 2 AMI with EC2 Image Builder including CIS benchmarks, IMDSv2 enforcement, auditd, and logging configuration.
IAM Least Privilege in AWS: Access Analyzer Guide
How to audit and refine IAM permissions using Access Analyzer, CloudTrail, and service access history — enforcing least privilege the right way in AWS.
Replace SSH with Session Manager: Secure EC2 Access Guide
Step-by-step guide to replacing SSH with AWS Systems Manager Session Manager for secure, auditable EC2 access with no inbound ports.
EC2 Hardening Guide: Secure AWS Instances Step by Step
This guide delves into the technical aspects of hardening EC2 instances, covering topics from instance selection to monitoring and automation, aligning with AWS’s security recommendations.
AWS Incident Response Toolkit: Resources & Templates
After publishing my free AWS IR checklist, I decided to go one step further — a full incident response toolkit with Terraform code, automation scripts, and ready-to-use templates. Here’s what’s inside.
AWS Security Monitoring Tools: Setup & Best Practices
How to build a real AWS security monitoring stack without overspending — using CloudTrail, EventBridge, GuardDuty, and open-source tools like Wazuh and OpenSearch.
AWS Temporary Credentials & IAM Roles: Security Best Practices
How to use IAM roles, STS, and temporary credentials securely — covering least privilege, session policies, credential expiration, and common mistakes.
AWS Incident Response Guide for Small Security Teams
Run effective incident response in AWS with automation and forensic best practices. Free playbook template included — no dedicated IR account needed.