AWS SCPs That Actually Work: Practical Guide for Real Teams
SCPs every AWS org should deploy on day one — plus the break-glass pattern, limit gotchas, and why you shouldn’t use SCPs to fix human behavior.
5 Critical AWS Security Misconfigurations (2026 Edition) – How to Find & Fix Them
Five AWS misconfigurations still causing breaches in 2026 — includes fixes for public S3 buckets, over-permissive IAM, open security groups, and missing monitoring.
AmazonSSMManagedInstanceCore: Full Policy Breakdown
Full breakdown of every permission in the AmazonSSMManagedInstanceCore IAM policy, plus a least-privilege custom alternative for production EC2 instances.
AWS Incident Response: 5 Scenarios & How to Contain Them
Five real-world AWS incident response scenarios with detection signals, containment steps, CLI commands, and automation examples. Practical guide for security teams.
AWS Security Checklist 2026: 30+ Controls for IAM, EC2 & S3
A step-by-step checklist to secure your AWS account in 2026 — includes IAM hardening, S3 lockdown, logging, and budget alerts. Beginner to intermediate friendly.
EKS Security Best Practices: Hardening Your Cluster
10 actionable EKS security best practices covering IAM integration, RBAC, network policies, pod security, image scanning, secrets management, and node hardening.
IAM Users Are Dead: Modern AWS Access Control for 2026
Stop using IAM users in AWS. This guide explains why they’re risky and how to migrate to Identity Center, STS, and OIDC-based access — step-by-step.
Meeting CIS Benchmarks for EC2: A Practical Guide
How to map, audit, and automate CIS Benchmark compliance for EC2 instances using AWS Config, Security Hub, SSM, and open-source scanners.
EKS Security Best Practices: Monitoring, Audit Logs & Runtime Detection (2026)
Practical EKS security checklist — control plane audit logs, Falco runtime detection, GuardDuty for containers, and the monitoring gaps most teams miss.
eJPTv2: Prep Strategy, Resources & Honest Review
For the past years, most of my focus has been on cloud security — hardening AWS environments, responding to incidents, and making sure access is tightly controlled. But lately, I’ve felt the urge to explore a different side of the equation: ethical hacking. That’s why I’ve decided to take the eJPTv2 (Junior Penetration Tester) certification. This post is a mix of personal motivation, my preparation strategy, and how I see pentesting tying directly back into the work I’ve done in AWS and incident response. ...
IDOR Vulnerabilities in AWS APIs: How to Find & Prevent Them
Deep dive into IDOR vulnerabilities with real AWS API examples, bug bounty cases, and prevention strategies for Lambda, API Gateway, and internal tooling.
Amazon GuardDuty Setup Guide: Findings, EventBridge Alerts & SIEM Integration
Set up GuardDuty in 10 minutes, route findings to Slack or your SIEM via EventBridge, and learn which finding types actually matter.
Detect AWS IAM Privilege Escalation with CloudTrail
Set up AWS-native detection for privilege escalation using CloudTrail, EventBridge, and minimal infrastructure. Real API patterns and alerting included.
Hardened Amazon Linux 2 AMI with EC2 Image Builder
Step-by-step guide to build a hardened Amazon Linux 2 AMI with EC2 Image Builder including CIS benchmarks, IMDSv2 enforcement, auditd, and logging configuration.
IAM Least Privilege in AWS: Access Analyzer Guide
How to audit and refine IAM permissions using Access Analyzer, CloudTrail, and service access history — enforcing least privilege the right way in AWS.
AWS Session Manager Setup: AmazonSSMManagedInstanceCore & Secure EC2 Access
Complete SSM Session Manager setup — AmazonSSMManagedInstanceCore policy, IAM roles, and replacing SSH with zero open ports.
EC2 Hardening Guide: Secure AWS Instances Step by Step
This guide delves into the technical aspects of hardening EC2 instances, covering topics from instance selection to monitoring and automation, aligning with AWS’s security recommendations.
AWS Incident Response Toolkit: Resources & Templates
After publishing my free AWS IR checklist, I decided to go one step further — a full incident response toolkit with Terraform code, automation scripts, and ready-to-use templates. Here’s what’s inside.
AWS Security Monitoring Tools: Setup & Best Practices
How to build a real AWS security monitoring stack without overspending — using CloudTrail, EventBridge, GuardDuty, and open-source tools like Wazuh and OpenSearch.
Stop Using Access Keys: AWS Temporary Credentials Done Right
Ditch long-term access keys. Practical guide to IAM roles, STS, and temporary credentials — with real mistakes to avoid and least-privilege patterns that work.