My AWS IAM access keys were exposed & exploited…what should I do? [Cheat Sheet]
My AWS access keys were exposed and are being exploited by a threat actor. What do I do?!?! Step 1: Don’t panic! I’ve got you.…
Tag: AWS Security
Create a least privilege S3 bucket policy [Cheat Sheet]
Learning how to keep your Amazon S3 buckets safe and finding weak spots in bucket policies is an important part of managing AWS resources and…
Ditching long-term AWS access keys (including easy wins regardless of scale)
It wasn’t that long ago when long-term access keys were one of the primary methods for accessing AWS resources and environments. You would create an…
AWS CloudTrail Best Practices [Checklist] [Cheat Sheet]
Are you following CloudTrail best practices? Here’s a simple checklist ✅ Under the hood, AWS Security Hub service is looking for these best practices: ✅ [CloudTrail.1] CloudTrail…
AWS Security Hub: Getting Started
Security Hub is a Cloud Security Posture Management (CSPM) service that you can use to perform security best practice checks, aggregate alerts, and enable automated…
AWS Security Services [Cheat Sheet]
Whether you’re actively trying to secure your AWS environments, you’re studying for the Certified Security Specialty exam, or you’re just curious and want to learn…
Network ACLs (NACLs) versus Security Groups (SGs) [Cheat Sheet]
To control the flow of data in and out of your VPCs and Subnets in AWS, you can use Network Access Control Lists (NACLs), Security Groups…
Must-have AWS security monitoring & alerting [Cheat Sheet]
Most of us know that having visibility into our cloud accounts and resources is critical, but it can easily be overwhelming to implement. What should…
IaC Scanning and Policy as Code with Checkov [Cheat Sheet]
We posted a video introducing the benefits of Infrastructure as Code (IaC) scanning and Policy as Code scanning, and why you absolutely should be running…
Anatomy of an AWS IAM Policy [Cheat Sheet]
If we had to name the most critical service to understand when it comes to AWS security, it would have to be IAM (Identity and…