Welcome. This site is a working notebook for cloud security engineering: the patterns, tradeoffs, detections, and operational lessons that are useful when securing real cloud environments.
Start Here
- cloud-security-engineering - the main topic map for the site
- identity-and-access - IAM, federation, least privilege, and guardrails
- detections-and-response - cloud-native detection ideas and response playbooks
- infrastructure-security - secure-by-default infrastructure and platform controls
Writing Queue
- AWS IAM policy review checklist
- Azure Entra ID conditional access patterns
- CloudTrail detection ideas that are actually worth alerting on
- Terraform module security review notes
- Incident response notes for exposed cloud credentials