Welcome to The Hidden Port

Cloud Security, Automation, Best Practices, and Beyond.

5 Critical AWS Security Misconfigurations (2026 Edition) – How to Find & Fix Them

Five AWS misconfigurations still causing breaches in 2026 — includes fixes for public S3 buckets, over-permissive IAM, open security groups, and missing monitoring.

July 7, 2026 · 4 min · 645 words · Javier Pulido

AmazonSSMManagedInstanceCore: Full Policy Breakdown

Full breakdown of every permission in the AmazonSSMManagedInstanceCore IAM policy, plus a least-privilege custom alternative for production EC2 instances.

July 7, 2026 · 7 min · 1462 words · Javier Pulido

AWS Incident Response: 5 Scenarios & How to Contain Them

Five real-world AWS incident response scenarios with detection signals, containment steps, CLI commands, and automation examples. Practical guide for security teams.

July 7, 2026 · 7 min · 1450 words · Javier Pulido

AWS Security Checklist 2026: 30+ Controls for IAM, EC2 & S3

A step-by-step checklist to secure your AWS account in 2026 — includes IAM hardening, S3 lockdown, logging, and budget alerts. Beginner to intermediate friendly.

July 7, 2026 · 3 min · 566 words · Javier Pulido

EKS Security Best Practices: Hardening Your Cluster

10 actionable EKS security best practices covering IAM integration, RBAC, network policies, pod security, image scanning, secrets management, and node hardening.

July 7, 2026 · 7 min · 1438 words · Javier Pulido

IAM Users Are Dead: Modern AWS Access Control for 2026

Stop using IAM users in AWS. This guide explains why they’re risky and how to migrate to Identity Center, STS, and OIDC-based access — step-by-step.

July 7, 2026 · 3 min · 437 words · Javier Pulido

Meeting CIS Benchmarks for EC2: A Practical Guide

How to map, audit, and automate CIS Benchmark compliance for EC2 instances using AWS Config, Security Hub, SSM, and open-source scanners.

September 25, 2025 · 3 min · 506 words · Javier Pulido

EKS Security: Monitoring, Audit Logs & Runtime Detection

How to monitor EKS for security threats using CloudWatch, GuardDuty, audit logs, and Falco. Covers AWS-native tools, open-source options, and best practices.

September 17, 2025 · 5 min · 955 words · Javier Pulido

eJPTv2: Prep Strategy, Resources & Honest Review

For the past years, most of my focus has been on cloud security — hardening AWS environments, responding to incidents, and making sure access is tightly controlled. But lately, I’ve felt the urge to explore a different side of the equation: ethical hacking. That’s why I’ve decided to take the eJPTv2 (Junior Penetration Tester) certification. This post is a mix of personal motivation, my preparation strategy, and how I see pentesting tying directly back into the work I’ve done in AWS and incident response. ...

September 8, 2025 · 3 min · 539 words · Javier Pulido

IDOR Vulnerabilities in AWS APIs: How to Find & Prevent Them

Deep dive into IDOR vulnerabilities with real AWS API examples, bug bounty cases, and prevention strategies for Lambda, API Gateway, and internal tooling.

June 27, 2025 · 5 min · 889 words · Javier Pulido

Amazon GuardDuty Setup: Findings, Alerts & SIEM Integration

Set up Amazon GuardDuty from scratch: enable the service, understand finding severity, configure alerts via EventBridge, and integrate with SIEM systems.

June 24, 2025 · 3 min · 599 words · Javier Pulido

Detect AWS IAM Privilege Escalation with CloudTrail

Set up AWS-native detection for privilege escalation using CloudTrail, EventBridge, and minimal infrastructure. Real API patterns and alerting included.

June 20, 2025 · 4 min · 761 words · Javier Pulido

Hardened Amazon Linux 2 AMI with EC2 Image Builder

Step-by-step guide to build a hardened Amazon Linux 2 AMI with EC2 Image Builder including CIS benchmarks, IMDSv2 enforcement, auditd, and logging configuration.

June 9, 2025 · 3 min · 560 words · Javier Pulido

IAM Least Privilege in AWS: Access Analyzer Guide

How to audit and refine IAM permissions using Access Analyzer, CloudTrail, and service access history — enforcing least privilege the right way in AWS.

June 9, 2025 · 3 min · 503 words · Javier Pulido

Replace SSH with Session Manager: Secure EC2 Access Guide

Step-by-step guide to replacing SSH with AWS Systems Manager Session Manager for secure, auditable EC2 access with no inbound ports.

June 3, 2025 · 7 min · 1344 words · Javier Pulido

EC2 Hardening Guide: Secure AWS Instances Step by Step

This guide delves into the technical aspects of hardening EC2 instances, covering topics from instance selection to monitoring and automation, aligning with AWS’s security recommendations.

May 29, 2025 · 2 min · 383 words · Javier Pulido

AWS Incident Response Toolkit: Resources & Templates

After publishing my free AWS IR checklist, I decided to go one step further — a full incident response toolkit with Terraform code, automation scripts, and ready-to-use templates. Here’s what’s inside.

May 20, 2025 · 2 min · 374 words · Javier Pulido

AWS Security Monitoring Tools: Setup & Best Practices

How to build a real AWS security monitoring stack without overspending — using CloudTrail, EventBridge, GuardDuty, and open-source tools like Wazuh and OpenSearch.

May 19, 2025 · 5 min · 883 words · Javier Pulido

AWS Temporary Credentials & IAM Roles: Security Best Practices

How to use IAM roles, STS, and temporary credentials securely — covering least privilege, session policies, credential expiration, and common mistakes.

May 11, 2025 · 4 min · 790 words · Javier Pulido

AWS Incident Response Guide for Small Security Teams

Run effective incident response in AWS with automation and forensic best practices. Free playbook template included — no dedicated IR account needed.

May 4, 2025 · 5 min · 939 words · Javier Pulido