Aws

Learn what IDOR is, why it’s so common (and dangerous), see real AWS-related examples, and discover prevention and detection methods for robust API security.

A comprehensive guide to setting up Amazon GuardDuty, interpreting its findings, and integrating with SIEM systems to bolster AWS security.

A deep technical guide to setting up AWS-native detection for privilege escalation using CloudTrail, EventBridge, and minimal infrastructure.

Step-by-step guide to build a hardened Amazon Linux 2 AMI with EC2 Image Builder including CIS benchmarks, IMDSv2 enforcement, auditd, and logging configuration.

This article shows how to audit and refine IAM permissions using Access Analyzer, CloudTrail, and service access history — enforcing least privilege the right way in AWS.

Introduction Traditional SSH access to EC2 instances poses several security challenges, including the management of SSH keys, exposure of ports, and lack of centralized auditing. AWS Systems Manager Session Manager offers a secure and auditable alternative, allowing you to manage EC2 instances without opening inbound ports or maintaining bastion hosts. This guide provides a step-by-step approach to configuring Session Manager for secure EC2 access, aligning with AWS’s official documentation and best practices. ...

This guide delves into the technical aspects of hardening EC2 instances, covering topics from instance selection to monitoring and automation, aligning with AWS’s security recommendations.

After publishing my free AWS IR checklist, I decided to go one step further — a full incident response toolkit with Terraform code, automation scripts, and ready-to-use templates. Here’s what’s inside.

Monitoring in AWS doesn’t have to be expensive. In this guide, we’ll walk through real-world strategies to detect and respond to security events in AWS without blowing your budget — using a mix of native tooling, automation, and open-source solutions. Table of Contents Introduction Why AWS Monitoring Costs Spiral Key Principles for Cost-Effective Monitoring Low-Cost Native AWS Tools for Security Monitoring Open-Source Solutions That Complement AWS Example Architectures & Pricing Automation Snippets for Cost-Efficient Alerts Common Pitfalls to Avoid Conclusion Introduction When people talk about security monitoring in AWS, the conversation quickly jumps to expensive SIEM tools or overengineered pipelines. But if you’re running lean, or just want better control over where your money is going, you can achieve excellent security visibility with surprisingly low cost. ...

Temporary credentials are one of the most powerful — and misunderstood — access mechanisms in AWS. They’re essential for enabling short-lived, tightly scoped access without the long-term baggage of static IAM user credentials. But with this flexibility comes a new surface for mistakes, misuse, and oversights. In this post, I’ll walk through the core use cases for temporary credentials, how they work, where they go wrong, and the best ways to keep them secure in your environment. ...