Migrating AWS/Vercel to Cloudflare: a real playbook
Playbook for migrating a production app from AWS (Lambda, DynamoDB, RDS, S3, SQS, ElastiCache) to Cloudflare: per-primitive mapping, 3 strategies, cutover, rollback, 10 pitfalls....
Per-primitive Cloudflare pricing (Workers, D1, KV, R2, Queues, DOs, Vectorize, Workers AI), tier breakpoints, AWS comparison, and 3 scale scenarios from blog to 100M req/month....
Practical walk-through of AWS Security Maturity Model v2: 74 controls across four phases (Quick Wins, Foundational, Efficient, Optimized), real ordering, traps, and Org mapping....
Field notes from the AWS Security Maturity Model Assessment Tool across four phases (Quick Wins, Foundational, Efficient, Optimized): architecture, workflow, JSON/Excel export....
How KMS key-policy evaluation works: cross-account access, condition keys, grants, key rotation, production patterns. With JSON policy examples and a production checklist....
An auto-remediation pipeline for GuardDuty using EventBridge and Lambda: isolate instances, snapshot for forensics, revoke credentials, and scale it across an Organization....
An AWS-native solution for rotating, disabling, and deleting IAM access keys on policy — the multi-account architecture, trade-offs, and what operating it actually takes....
Workload Identity Federation deep dive: why Service Account Keys are an anti-pattern, AWS STS → Google STS exchange, attribute mapping, impersonation, threat model, Terraform....
How I built an in-house CSPM engine scanning many AWS Landing Zones in parallel with Prowler, storing findings in D1 and artifacts in R2, into one Security Operations dashboard....