AWS Security Maturity Model v2: 4 phases in practice
Practical walk-through of AWS Security Maturity Model v2: 74 controls across four phases (Quick Wins, Foundational, Efficient, Optimized), real ordering, traps, and Org mapping....
Field notes from the AWS Security Maturity Model Assessment Tool across four phases (Quick Wins, Foundational, Efficient, Optimized): architecture, workflow, JSON/Excel export....
How KMS key-policy evaluation works: cross-account access, condition keys, grants, key rotation, production patterns. With JSON policy examples and a production checklist....
An auto-remediation pipeline for GuardDuty using EventBridge and Lambda: isolate instances, snapshot for forensics, revoke credentials, and scale it across an Organization....
Workload Identity Federation deep dive: why Service Account Keys are an anti-pattern, AWS STS → Google STS exchange, attribute mapping, impersonation, threat model, Terraform....
How I built an in-house CSPM engine scanning many AWS Landing Zones in parallel with Prowler, storing findings in D1 and artifacts in R2, into one Security Operations dashboard....