Files
awesome-kubernetes/site/aws-security/index.html

3898 lines
128 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Enterprise-grade curated portal for the modern Cloud Native ecosystem. High-density, AI-driven selection of top-tier resources.">
<meta name="author" content="Nubenetes">
<link rel="canonical" href="https://nubenetes.com/aws-security/">
<link rel="prev" href="../aws-pricing/">
<link rel="next" href="../aws-serverless/">
<link rel="icon" href="../images/favicon-ultra.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
<title>AWS Security - Nubenetes V2 | The AI's Cut</title>
<link rel="stylesheet" href="../assets/stylesheets/main.484c7ddc.min.css">
<link rel="stylesheet" href="../assets/stylesheets/palette.ab4e12ef.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap">
<link rel="stylesheet" href="../static/extra.css">
<link rel="stylesheet" href="../static/v2_elite.css?v=2.3.44">
<script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="slate" data-md-color-primary="custom" data-md-color-accent="custom">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#aws-security" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
</div>
<header class="md-header md-header--shadow md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href=".." title="Nubenetes V2 | The AI&#39;s Cut" class="md-header__button md-logo" aria-label="Nubenetes V2 | The AI's Cut" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Nubenetes V2 | The AI's Cut
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
AWS Security
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="custom" data-md-color-accent="custom" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 1 3 5v6c0 5.55 3.84 10.74 9 12 5.16-1.26 9-6.45 9-12V5z"/></svg>
</label>
<input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="custom" data-md-color-accent="custom" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 11c0 5.55-3.84 10.74-9 12-5.16-1.26-9-6.45-9-12V5l9-4 9 4zm-9 10c3.75-1 7-5.46 7-9.78V6.3l-7-3.12L5 6.3v4.92C5 15.54 8.25 20 12 21m-3-6.67c1.76 2.17 5.13 2.24 6.97.07.23-.27.08-.68-.26-.74a4.5 4.5 0 0 1-3.18-2.2 4.5 4.5 0 0 1-.32-3.86.453.453 0 0 0-.51-.6c-3.34.62-4.89 4.61-2.7 7.33"/></svg>
</label>
</form>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<a href="javascript:void(0)" class="md-search__icon md-icon" title="Share" aria-label="Share" data-clipboard data-clipboard-text="" data-md-component="search-share" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18 16.08c-.76 0-1.44.3-1.96.77L8.91 12.7c.05-.23.09-.46.09-.7s-.04-.47-.09-.7l7.05-4.11c.54.5 1.25.81 2.04.81a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3c0 .24.04.47.09.7L8.04 9.81C7.5 9.31 6.79 9 6 9a3 3 0 0 0-3 3 3 3 0 0 0 3 3c.79 0 1.5-.31 2.04-.81l7.12 4.15c-.05.21-.08.43-.08.66 0 1.61 1.31 2.91 2.92 2.91s2.92-1.3 2.92-2.91A2.92 2.92 0 0 0 18 16.08"/></svg>
</a>
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
<div class="md-search__suggest" data-md-component="search-suggest"></div>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/nubenetes/awesome-kubernetes" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
</div>
<div class="md-source__repository">
nubenetes/awesome-kubernetes
</div>
</a>
</div>
</nav>
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="https://nubenetes.com/v1/" class="md-tabs__link">
🔙 Back to V1 (Exhaustive)
</a>
</li>
<li class="md-tabs__item">
<a href=".." class="md-tabs__link">
The 2026 Vision
</a>
</li>
<li class="md-tabs__item">
<a href="../tags/" class="md-tabs__link">
Technical Tags
</a>
</li>
<li class="md-tabs__item">
<a href="../videos/" class="md-tabs__link">
Agentic Video Hub
</a>
</li>
<li class="md-tabs__item">
<a href="../ai-agents-mcp/" class="md-tabs__link">
AI
</a>
</li>
<li class="md-tabs__item">
<a href="../about/" class="md-tabs__link">
Architectural Foundations
</a>
</li>
<li class="md-tabs__item">
<a href="../chaos-engineering/" class="md-tabs__link">
Platform & Site Reliability
</a>
</li>
<li class="md-tabs__item">
<a href="../ansible/" class="md-tabs__link">
Hardened Infrastructure
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../GoogleCloudPlatform/" class="md-tabs__link">
Cloud Providers (Hyperscalers)
</a>
</li>
<li class="md-tabs__item">
<a href="../caching/" class="md-tabs__link">
Networking & Service Mesh
</a>
</li>
<li class="md-tabs__item">
<a href="../container-managers/" class="md-tabs__link">
The Container Stack
</a>
</li>
<li class="md-tabs__item">
<a href="../crunchydata/" class="md-tabs__link">
Data & Advanced Analytics
</a>
</li>
<li class="md-tabs__item">
<a href="../argo/" class="md-tabs__link">
Engineering Pipeline
</a>
</li>
<li class="md-tabs__item">
<a href="../ChromeDevTools/" class="md-tabs__link">
Developer Ecosystem
</a>
</li>
<li class="md-tabs__item">
<a href="../appointment-scheduling/" class="md-tabs__link">
Career & Industry
</a>
</li>
</ul>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted md-nav--integrated" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href=".." title="Nubenetes V2 | The AI&#39;s Cut" class="md-nav__button md-logo" aria-label="Nubenetes V2 | The AI's Cut" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
</a>
Nubenetes V2 | The AI's Cut
</label>
<div class="md-nav__source">
<a href="https://github.com/nubenetes/awesome-kubernetes" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
</div>
<div class="md-source__repository">
nubenetes/awesome-kubernetes
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="https://nubenetes.com/v1/" class="md-nav__link">
<span class="md-ellipsis">
🔙 Back to V1 (Exhaustive)
</span>
</a>
</li>
<li class="md-nav__item">
<a href=".." class="md-nav__link">
<span class="md-ellipsis">
The 2026 Vision
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../tags/" class="md-nav__link">
<span class="md-ellipsis">
Technical Tags
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../videos/" class="md-nav__link">
<span class="md-ellipsis">
Agentic Video Hub
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../ai-agents-mcp/" class="md-nav__link">
<span class="md-ellipsis">
AI
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../about/" class="md-nav__link">
<span class="md-ellipsis">
Architectural Foundations
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../chaos-engineering/" class="md-nav__link">
<span class="md-ellipsis">
Platform & Site Reliability
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../ansible/" class="md-nav__link">
<span class="md-ellipsis">
Hardened Infrastructure
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" checked>
<label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="">
<span class="md-ellipsis">
Cloud Providers (Hyperscalers)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_9">
<span class="md-nav__icon md-icon"></span>
Cloud Providers (Hyperscalers)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../GoogleCloudPlatform/" class="md-nav__link">
<span class="md-ellipsis">
Googlecloudplatform
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-architecture/" class="md-nav__link">
<span class="md-ellipsis">
AWS Architecture
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-backup/" class="md-nav__link">
<span class="md-ellipsis">
AWS Backup
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-containers/" class="md-nav__link">
<span class="md-ellipsis">
AWS Containers
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-data/" class="md-nav__link">
<span class="md-ellipsis">
AWS Data
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-databases/" class="md-nav__link">
<span class="md-ellipsis">
AWS Databases
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-devops/" class="md-nav__link">
<span class="md-ellipsis">
AWS DevOps
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-iac/" class="md-nav__link">
<span class="md-ellipsis">
AWS IaC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-messaging/" class="md-nav__link">
<span class="md-ellipsis">
AWS Messaging
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-miscellaneous/" class="md-nav__link">
<span class="md-ellipsis">
AWS Miscellaneous
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-monitoring/" class="md-nav__link">
<span class="md-ellipsis">
AWS Monitoring
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-networking/" class="md-nav__link">
<span class="md-ellipsis">
AWS Networking
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-newfeatures/" class="md-nav__link">
<span class="md-ellipsis">
AWS Newfeatures
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-pricing/" class="md-nav__link">
<span class="md-ellipsis">
AWS Pricing
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
AWS Security
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
AWS Security
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#table-of-contents" class="md-nav__link">
<span class="md-ellipsis">
Table of Contents
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#aws" class="md-nav__link">
<span class="md-ellipsis">
AWS
</span>
</a>
<nav class="md-nav" aria-label="AWS">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#multi-account-setup" class="md-nav__link">
<span class="md-ellipsis">
Multi-Account Setup
</span>
</a>
<nav class="md-nav" aria-label="Multi-Account Setup">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#governance" class="md-nav__link">
<span class="md-ellipsis">
Governance
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#architectural-foundations" class="md-nav__link">
<span class="md-ellipsis">
Architectural Foundations
</span>
</a>
<nav class="md-nav" aria-label="Architectural Foundations">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#kubernetes-tools" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes Tools
</span>
</a>
<nav class="md-nav" aria-label="Kubernetes Tools">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#general-reference" class="md-nav__link">
<span class="md-ellipsis">
General Reference
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#cloud-architecture" class="md-nav__link">
<span class="md-ellipsis">
Cloud Architecture
</span>
</a>
<nav class="md-nav" aria-label="Cloud Architecture">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#aws-1" class="md-nav__link">
<span class="md-ellipsis">
AWS (1)
</span>
</a>
<nav class="md-nav" aria-label="AWS (1)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#cryptography" class="md-nav__link">
<span class="md-ellipsis">
Cryptography
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#data-protection" class="md-nav__link">
<span class="md-ellipsis">
Data Protection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#database-security" class="md-nav__link">
<span class="md-ellipsis">
Database Security
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#identity-and-access-management" class="md-nav__link">
<span class="md-ellipsis">
Identity and Access Management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#infrastructure-management" class="md-nav__link">
<span class="md-ellipsis">
Infrastructure Management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#networking" class="md-nav__link">
<span class="md-ellipsis">
Networking
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#saas-architecture" class="md-nav__link">
<span class="md-ellipsis">
SaaS Architecture
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#secrets-management" class="md-nav__link">
<span class="md-ellipsis">
Secrets Management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#security-auditing" class="md-nav__link">
<span class="md-ellipsis">
Security Auditing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#security-and-compliance" class="md-nav__link">
<span class="md-ellipsis">
Security and Compliance
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sustainability" class="md-nav__link">
<span class="md-ellipsis">
Sustainability
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#vulnerability-management" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability Management
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#aws-governance" class="md-nav__link">
<span class="md-ellipsis">
AWS Governance
</span>
</a>
<nav class="md-nav" aria-label="AWS Governance">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#access-control" class="md-nav__link">
<span class="md-ellipsis">
Access Control
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#compliance-frameworks" class="md-nav__link">
<span class="md-ellipsis">
Compliance Frameworks
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#landing-zone-automation" class="md-nav__link">
<span class="md-ellipsis">
Landing Zone Automation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#multi-account-strategy" class="md-nav__link">
<span class="md-ellipsis">
Multi-Account Strategy
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#certification" class="md-nav__link">
<span class="md-ellipsis">
Certification
</span>
</a>
<nav class="md-nav" aria-label="Certification">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#aws-2" class="md-nav__link">
<span class="md-ellipsis">
AWS (2)
</span>
</a>
<nav class="md-nav" aria-label="AWS (2)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#solutions-architect-professional" class="md-nav__link">
<span class="md-ellipsis">
Solutions Architect Professional
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#cloud-engineering" class="md-nav__link">
<span class="md-ellipsis">
Cloud Engineering
</span>
</a>
<nav class="md-nav" aria-label="Cloud Engineering">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#devsecops" class="md-nav__link">
<span class="md-ellipsis">
DevSecOps
</span>
</a>
<nav class="md-nav" aria-label="DevSecOps">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#security" class="md-nav__link">
<span class="md-ellipsis">
Security
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#cloud-native-platforms" class="md-nav__link">
<span class="md-ellipsis">
Cloud Native Platforms
</span>
</a>
<nav class="md-nav" aria-label="Cloud Native Platforms">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#azure" class="md-nav__link">
<span class="md-ellipsis">
Azure
</span>
</a>
<nav class="md-nav" aria-label="Azure">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#security-automation" class="md-nav__link">
<span class="md-ellipsis">
Security Automation
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#devsecops-1" class="md-nav__link">
<span class="md-ellipsis">
DevSecOps (1)
</span>
</a>
<nav class="md-nav" aria-label="DevSecOps (1)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#policy-as-code" class="md-nav__link">
<span class="md-ellipsis">
Policy as Code
</span>
</a>
<nav class="md-nav" aria-label="Policy as Code">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#open-policy-agent" class="md-nav__link">
<span class="md-ellipsis">
Open Policy Agent
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#security-1" class="md-nav__link">
<span class="md-ellipsis">
Security (1)
</span>
</a>
<nav class="md-nav" aria-label="Security (1)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#identity-and-access" class="md-nav__link">
<span class="md-ellipsis">
Identity and Access
</span>
</a>
<nav class="md-nav" aria-label="Identity and Access">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#aws-iam" class="md-nav__link">
<span class="md-ellipsis">
AWS IAM
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#security-and-compliance-1" class="md-nav__link">
<span class="md-ellipsis">
Security and Compliance (1)
</span>
</a>
<nav class="md-nav" aria-label="Security and Compliance (1)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#linux-hardening" class="md-nav__link">
<span class="md-ellipsis">
Linux Hardening
</span>
</a>
<nav class="md-nav" aria-label="Linux Hardening">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#system-administration" class="md-nav__link">
<span class="md-ellipsis">
System Administration
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#security-and-governance" class="md-nav__link">
<span class="md-ellipsis">
Security and Governance
</span>
</a>
<nav class="md-nav" aria-label="Security and Governance">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#cicd-security" class="md-nav__link">
<span class="md-ellipsis">
CICD Security
</span>
</a>
<nav class="md-nav" aria-label="CICD Security">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#azure-and-github-integration" class="md-nav__link">
<span class="md-ellipsis">
Azure and GitHub Integration
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#security-and-identity" class="md-nav__link">
<span class="md-ellipsis">
Security and Identity
</span>
</a>
<nav class="md-nav" aria-label="Security and Identity">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#aws-iam-1" class="md-nav__link">
<span class="md-ellipsis">
AWS IAM (1)
</span>
</a>
<nav class="md-nav" aria-label="AWS IAM (1)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#access-control-1" class="md-nav__link">
<span class="md-ellipsis">
Access Control (1)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#compliance-and-monitoring" class="md-nav__link">
<span class="md-ellipsis">
Compliance and Monitoring
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#credential-management" class="md-nav__link">
<span class="md-ellipsis">
Credential Management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#hybrid-cloud-identity" class="md-nav__link">
<span class="md-ellipsis">
Hybrid Cloud Identity
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#least-privilege-automation" class="md-nav__link">
<span class="md-ellipsis">
Least Privilege Automation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#security-analysis" class="md-nav__link">
<span class="md-ellipsis">
Security Analysis
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#single-sign-on" class="md-nav__link">
<span class="md-ellipsis">
Single Sign-On
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#network-security" class="md-nav__link">
<span class="md-ellipsis">
Network Security
</span>
</a>
<nav class="md-nav" aria-label="Network Security">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#threat-mitigation" class="md-nav__link">
<span class="md-ellipsis">
Threat Mitigation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#web-application-protection" class="md-nav__link">
<span class="md-ellipsis">
Web Application Protection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#secrets-management-1" class="md-nav__link">
<span class="md-ellipsis">
Secrets Management (1)
</span>
</a>
<nav class="md-nav" aria-label="Secrets Management (1)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#disaster-recovery" class="md-nav__link">
<span class="md-ellipsis">
Disaster Recovery
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kubernetes-integration" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#lifecycle-management" class="md-nav__link">
<span class="md-ellipsis">
Lifecycle Management
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../aws-serverless/" class="md-nav__link">
<span class="md-ellipsis">
AWS Serverless
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-spain/" class="md-nav__link">
<span class="md-ellipsis">
AWS Spain
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-storage/" class="md-nav__link">
<span class="md-ellipsis">
AWS Storage
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-tools-scripts/" class="md-nav__link">
<span class="md-ellipsis">
AWS Tools Scripts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-training/" class="md-nav__link">
<span class="md-ellipsis">
AWS Training
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws/" class="md-nav__link">
<span class="md-ellipsis">
AWS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../azure/" class="md-nav__link">
<span class="md-ellipsis">
Azure
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../digitalocean/" class="md-nav__link">
<span class="md-ellipsis">
Digitalocean
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../edge-computing/" class="md-nav__link">
<span class="md-ellipsis">
Edge Computing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ibm_cloud/" class="md-nav__link">
<span class="md-ellipsis">
Ibm_Cloud
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../managed-kubernetes-in-public-cloud/" class="md-nav__link">
<span class="md-ellipsis">
Managed Kubernetes In Public Cloud
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../oraclecloud/" class="md-nav__link">
<span class="md-ellipsis">
Oraclecloud
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../private-cloud-solutions/" class="md-nav__link">
<span class="md-ellipsis">
Private Cloud Solutions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../public-cloud-solutions/" class="md-nav__link">
<span class="md-ellipsis">
Public Cloud Solutions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../scaleway/" class="md-nav__link">
<span class="md-ellipsis">
Scaleway
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../caching/" class="md-nav__link">
<span class="md-ellipsis">
Networking & Service Mesh
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../container-managers/" class="md-nav__link">
<span class="md-ellipsis">
The Container Stack
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../crunchydata/" class="md-nav__link">
<span class="md-ellipsis">
Data & Advanced Analytics
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../argo/" class="md-nav__link">
<span class="md-ellipsis">
Engineering Pipeline
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../ChromeDevTools/" class="md-nav__link">
<span class="md-ellipsis">
Developer Ecosystem
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../appointment-scheduling/" class="md-nav__link">
<span class="md-ellipsis">
Career & Industry
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/nubenetes/awesome-kubernetes/edit/master/v2-docs/aws-security.md" title="Edit this page" class="md-content__button md-icon" rel="edit">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
</a>
<a href="https://github.com/nubenetes/awesome-kubernetes/raw/master/v2-docs/aws-security.md" title="View source of this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.2 8.2 0 0 1-1.23-2"/></svg>
</a>
<h1 id="aws-security">AWS Security<a class="headerlink" href="#aws-security" title="Permanent link">&para;</a></h1>
<div class="admonition tip">
<p class="admonition-title">Nubenetes V2 Elite Portal</p>
<p>You are browsing the AI-Curated V2 Elite Edition. Looking for the exhaustive list of references? Check out the <a href="/v1/aws-security/"><strong>V1 Historical Archive</strong></a>.</p>
</div>
<div class="admonition info">
<p class="admonition-title">Architectural Context</p>
<p>Detailed reference for AWS Security in the context of Cloud Providers (Hyperscalers).</p>
</div>
<h2 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">&para;</a></h2>
<ol>
<li><a href="#aws">AWS</a></li>
<li><a href="#multi-account-setup">Multi-Account Setup</a><ul>
<li><a href="#governance">Governance</a></li>
</ul>
</li>
<li><a href="#architectural-foundations">Architectural Foundations</a></li>
<li><a href="#kubernetes-tools">Kubernetes Tools</a><ul>
<li><a href="#general-reference">General Reference</a></li>
</ul>
</li>
<li><a href="#cloud-architecture">Cloud Architecture</a></li>
<li><a href="#aws-1">AWS</a><ul>
<li><a href="#cryptography">Cryptography</a></li>
<li><a href="#data-protection">Data Protection</a></li>
<li><a href="#database-security">Database Security</a></li>
<li><a href="#identity-and-access-management">Identity and Access Management</a></li>
<li><a href="#infrastructure-management">Infrastructure Management</a></li>
<li><a href="#networking">Networking</a></li>
<li><a href="#saas-architecture">SaaS Architecture</a></li>
<li><a href="#secrets-management">Secrets Management</a></li>
<li><a href="#security-auditing">Security Auditing</a></li>
<li><a href="#security-and-compliance">Security and Compliance</a></li>
<li><a href="#sustainability">Sustainability</a></li>
<li><a href="#vulnerability-management">Vulnerability Management</a></li>
</ul>
</li>
<li><a href="#aws-governance">AWS Governance</a><ul>
<li><a href="#access-control">Access Control</a></li>
<li><a href="#compliance-frameworks">Compliance Frameworks</a></li>
<li><a href="#landing-zone-automation">Landing Zone Automation</a></li>
<li><a href="#multi-account-strategy">Multi-Account Strategy</a></li>
</ul>
</li>
<li><a href="#certification">Certification</a><ul>
<li><a href="#aws-2">AWS</a></li>
<li><a href="#solutions-architect-professional">Solutions Architect Professional</a></li>
</ul>
</li>
<li><a href="#cloud-engineering">Cloud Engineering</a></li>
<li><a href="#devsecops">DevSecOps</a><ul>
<li><a href="#security">Security</a></li>
</ul>
</li>
<li><a href="#cloud-native-platforms">Cloud Native Platforms</a></li>
<li><a href="#azure">Azure</a><ul>
<li><a href="#security-automation">Security Automation</a></li>
</ul>
</li>
<li><a href="#devsecops-1">DevSecOps</a></li>
<li><a href="#policy-as-code">Policy as Code</a><ul>
<li><a href="#open-policy-agent">Open Policy Agent</a></li>
</ul>
</li>
<li><a href="#security-1">Security</a></li>
<li><a href="#identity-and-access">Identity and Access</a><ul>
<li><a href="#aws-iam">AWS IAM</a></li>
</ul>
</li>
<li><a href="#security-and-compliance-1">Security and Compliance</a></li>
<li><a href="#linux-hardening">Linux Hardening</a><ul>
<li><a href="#system-administration">System Administration</a></li>
</ul>
</li>
<li><a href="#security-and-governance">Security and Governance</a></li>
<li><a href="#cicd-security">CICD Security</a><ul>
<li><a href="#azure-and-github-integration">Azure and GitHub Integration</a></li>
</ul>
</li>
<li><a href="#security-and-identity">Security and Identity</a></li>
<li><a href="#aws-iam-1">AWS IAM</a><ul>
<li><a href="#access-control-1">Access Control</a></li>
<li><a href="#compliance-and-monitoring">Compliance and Monitoring</a></li>
<li><a href="#credential-management">Credential Management</a></li>
<li><a href="#hybrid-cloud-identity">Hybrid Cloud Identity</a></li>
<li><a href="#least-privilege-automation">Least Privilege Automation</a></li>
<li><a href="#security-analysis">Security Analysis</a></li>
<li><a href="#single-sign-on">Single Sign-On</a></li>
</ul>
</li>
<li><a href="#network-security">Network Security</a><ul>
<li><a href="#threat-mitigation">Threat Mitigation</a></li>
<li><a href="#web-application-protection">Web Application Protection</a></li>
</ul>
</li>
<li><a href="#secrets-management-1">Secrets Management</a><ul>
<li><a href="#disaster-recovery">Disaster Recovery</a></li>
<li><a href="#kubernetes-integration">Kubernetes Integration</a></li>
<li><a href="#lifecycle-management">Lifecycle Management</a></li>
</ul>
</li>
</ol>
<h2 id="aws">AWS<a class="headerlink" href="#aws" title="Permanent link">&para;</a></h2>
<h3 id="multi-account-setup">Multi-Account Setup<a class="headerlink" href="#multi-account-setup" title="Permanent link">&para;</a></h3>
<h4 id="governance">Governance<a class="headerlink" href="#governance" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2023)</strong> <a href="https://aws.amazon.com/controltower">aws.amazon.com: AWS Control Tower</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Official AWS product reference for AWS Control Tower, a managed service that streamlines multi-account governance and landing zone orchestration. It details how the platform enforces automated guardrails, visualizes enterprise health, and coordinates with AWS Organizations for centralized billing and policy compliance.</li>
<li><strong>(2022)</strong> <a href="https://aws.amazon.com/blogs/aws/new-aws-control-tower-account-factory-for-terraform">aws.amazon.com: New AWS Control Tower Account Factory for Terraform</a> <span class='md-tag md-tag--warning'>[HCL CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An analytical introduction to the AWS Control Tower Account Factory for Terraform (AFT), enabling GitOps-driven deployment of AWS accounts. Discusses custom pipeline orchestration and landing zone configurations that maintain strict security compliance metrics across large organizations.</li>
</ul>
<h2 id="architectural-foundations">Architectural Foundations<a class="headerlink" href="#architectural-foundations" title="Permanent link">&para;</a></h2>
<h3 id="kubernetes-tools">Kubernetes Tools<a class="headerlink" href="#kubernetes-tools" title="Permanent link">&para;</a></h3>
<h4 id="general-reference">General Reference<a class="headerlink" href="#general-reference" title="Permanent link">&para;</a></h4>
<ul>
<li><a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html">Tutorial: Configure Apache Web Server on Amazon Linux to use SSL/TLS</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering docs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx4QX7W51NDSLO/The-Most-Popular-AWS-Security-Blog-Posts-in-2015">The Most Popular AWS Security Blog Posts in 2015</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx3PTTZB14FWPBA/Announcing-Industry-Best-Practices-for-Securing-AWS-Resources">Announcing Industry Best Practices for Securing AWS Resources</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx2N52FR8XGJVL3/The-Most-Viewed-AWS-Security-Blog-Posts-so-Far-in-2016">The Most Viewed AWS Security Blog Posts so Far in 2016</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/TxK5WUJK3DG9G8/How-to-Restrict-Amazon-S3-Bucket-Access-to-a-Specific-IAM-Role">How to Restrict Amazon S3 Bucket Access to a Specific IAM Role</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx6QAIBSQTJPHB/Updated-Whitepaper-Available-AWS-Best-Practices-for-DDoS-Resiliency">Updated Whitepaper Available: AWS Best Practices for DDoS Resiliency</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx3KVD6T490MM47/In-Case-You-Missed-These-AWS-Security-Blog-Posts-from-June-July-and-August">AWS Security Blog: In Case You Missed These: AWS Security Blog Posts from June, July, and August 2016</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/TxLEHNNDPUFDU9/Automated-Reasoning-and-Amazon-s2n">Amazon s2n: AWSs new Open Source implementation of the SSL/TLS network encryption protocols</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx2OB7YGHMB7WCM/Adhere-to-IAM-Best-Practices-in-2016">AWS Identity and Access Management (IAM) best practices in 2016</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx14ADBJOCAT9NS/How-to-Record-and-Govern-Your-IAM-Resource-Configurations-Using-AWS-Config">How to Record and Govern Your IAM Resource Configurations Using AWS Config</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx2CGWIB8SBYW2J/How-to-Use-SAML-to-Automatically-Direct-Federated-Users-to-a-Specific-AWS-Manage">How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx1LPI2H6Q6S5KC/How-to-Automatically-Update-Your-Security-Groups-for-Amazon-CloudFront-and-AWS-W">How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda (boto3 python)</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx223ZW25YRPRKV/How-to-Use-AWS-WAF-to-Block-IP-Addresses-That-Generate-Bad-Requests">How to Use AWS WAF to Block IP Addresses That Generate Bad Requests</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blogs.aws.amazon.com/security/post/Tx1G747SE1R2ZWE/How-to-Reduce-Security-Threats-and-Operating-Costs-Using-AWS-WAF-and-Amazon-Clou">How to Reduce Security Threats and Operating Costs Using AWS WAF and Amazon CloudFront</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blogs.aws.amazon.com in the Kubernetes Tools ecosystem.</li>
<li><a href="https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4">Amazons customer service backdoor</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering Amazons customer service backdoor in the Kubernetes Tools ecosystem.</li>
<li><a href="https://dzone.com/articles/removing-the-bastion-host-and-improving-the-securi">dzone: Removing the Bastion Host and Improving the Security in AWS</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering dzone: Removing the Bastion Host and Improving the Security in AWS in the Kubernetes Tools ecosystem.</li>
<li><a href="https://faun.pub/handling-exposed-aws-access-key-b053362abd73">faun.pub: Handling Exposed AWS Access Key</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering faun.pub: Handling Exposed AWS Access Key in the Kubernetes Tools ecosystem.</li>
<li><a href="https://medium.com/@neonforge/why-you-shouldnt-use-aws-managed-kms-keys-83d9eb9d5090">medium.com/@neonforge: Why You Shouldnt Use AWS managed KMS Keys</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium.com/@neonforge: Why You Shouldnt Use AWS managed KMS Keys in the Kubernetes Tools ecosystem.</li>
<li><a href="https://medium.parttimepolymath.net/no-more-aws-access-keys-13a3c3f2337a">medium.parttimepolymath.net: No more AWS Access Keys?</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium.parttimepolymath.net: No more AWS Access Keys? in the Kubernetes Tools ecosystem.</li>
<li><a href="https://ben11kehoe.medium.com/principals-in-aws-iam-38c4a3dc322a">ben11kehoe.medium.com: AWS Authentication: Principals (users and roles)' in AWS IAM</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering ben11kehoe.medium.com: AWS Authentication: Principals (users and roles)' in AWS IAM in the Kubernetes Tools ecosystem.</li>
<li><a href="https://www.awsiam.info">awsiam.info: AWS IAM Search</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering <mark>awsiam.info: AWS IAM Search</mark> in the Kubernetes Tools ecosystem.</li>
<li><a href="https://binx.io/2022/07/13/working-with-aws-permission-policies">binx.io: Working with AWS Permission Policies 🌟</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering binx.io: Working with AWS Permission Policies 🌟 in the Kubernetes Tools ecosystem.</li>
<li><a href="https://www.hashicorp.com/blog/hashicorp-teams-with-aws-on-new-control-tower-account-factory-for-terraform">hashicorp.com: HashiCorp Teams with AWS on New Control Tower Account Factory' for Terraform</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering hashicorp.com: HashiCorp Teams with AWS on New Control Tower Account Factory' for Terraform in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blog.doit-intl.com/aws-firewalls-101-how-and-when-to-use-each-one-d4ad8087a6b3">doit-intl.com: AWS Firewalls 101: How and when to use each one</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering doit-intl.com: AWS Firewalls 101: How and when to use each one in the Kubernetes Tools ecosystem.</li>
<li><a href="https://medium.com/cloud-techies/blocking-bots-using-aws-waf-d449e6d159ca">medium: Blocking bots using AWS WAF</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium: Blocking bots using AWS WAF in the Kubernetes Tools ecosystem.</li>
<li><a href="https://medium.com/avmconsulting-blog/protecting-your-web-application-or-apis-using-aws-waf-1829ff79275a">medium: Protecting your Web Application or APIs using AWS WAF</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium: Protecting your Web Application or APIs using AWS WAF in the Kubernetes Tools ecosystem.</li>
<li><a href="https://faun.pub/set-up-global-rate-limiting-with-aws-waf-in-5-minutes-bd43a9309683">faun.pub: Set up global rate limiting with AWS WAF in 5 minutes</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering faun.pub: Set up global rate limiting with AWS WAF in 5 minutes in the Kubernetes Tools ecosystem.</li>
<li><a href="https://blog.devops.dev/manage-secrets-on-aws-and-helm-as-environment-variables-f7ec998c58fc">blog.devops.dev: Debugging Kubernetes Secrets, Why My Pod Wouldnt Start</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blog.devops.dev: Debugging Kubernetes Secrets, Why My Pod Wouldnt Start in the Kubernetes Tools ecosystem.</li>
</ul>
<h2 id="cloud-architecture">Cloud Architecture<a class="headerlink" href="#cloud-architecture" title="Permanent link">&para;</a></h2>
<h3 id="aws-1">AWS (1)<a class="headerlink" href="#aws-1" title="Permanent link">&para;</a></h3>
<h4 id="cryptography">Cryptography<a class="headerlink" href="#cryptography" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2026)</strong> <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">encrypt and decrypt data: Importing Key Material in AWS Key Management Service (AWS KMS)</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Official technical reference guide for importing external symmetric/asymmetric cryptographic key materials (BYOK) into AWS KMS. Covers PKCS#1 padding requirements, secure wrapping key transport, token parameters, and operational risks associated with manually importing key lifetimes.</li>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/blogs/security/encrypt-global-data-client-side-with-aws-kms-multi-region-keys">Encrypt global data client-side with AWS KMS multi-Region keys</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Deep architectural guide explaining client-side data encryption utilizing AWS KMS multi-Region keys. This approach ensures secure, identical-key replication across different geographic regions, simplifying global data protection without requiring decryption and re-encryption loops.</li>
</ul>
<h4 id="data-protection">Data Protection<a class="headerlink" href="#data-protection" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://yobyot.com/aws/aws-multi-region-keys-and-ec2-data-lifecycle-manager/2021/08/18">yobyot.com: AWS multi-region KMS keys and Data Lifecycle Manager: better together</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An exploration of operational resilience combining AWS Multi-Region KMS keys with Amazon Data Lifecycle Manager (DLM). It describes a secure recovery architecture where encrypted EBS volume snapshots are replicated across disaster-recovery regions automatically using identical key metadata.</li>
</ul>
<h4 id="database-security">Database Security<a class="headerlink" href="#database-security" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://keepler.io/es/2021/03/15/gestionando-el-control-de-accesos-en-nuestro-data-lake-en-aws">keepler.io: Gestionando el control de accesos en nuestro data lake en AWS</a> <span class='md-tag md-tag--warning'>[SPANISH CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A technical case study analyzing fine-grained data-access patterns inside AWS-based Data Lakes. Outlines integrations with AWS Lake Formation, Tag-based IAM access control, and metadata catalog security schemes to implement secure data-at-rest policies.</li>
<li><strong>(2018)</strong> <a href="https://aws.amazon.com/es/blogs/apn/oracle-database-encryption-options-on-amazon-rds">Oracle Database Encryption Options on Amazon RDS</a> <span class='md-tag md-tag--warning'>[SPANISH CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A technical architectural blog guiding engineers through configuring database security on Amazon RDS. It focuses on integrating Oracle Transparent Data Encryption (TDE) with AWS KMS, ensuring low-latency column and tablespace encryption-at-rest with robust enterprise key separation.</li>
</ul>
<h4 id="identity-and-access-management">Identity and Access Management<a class="headerlink" href="#identity-and-access-management" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2024)</strong> <a href="https://github.com/iann0036/iamlive"><strong>iann0036/iamlive</strong></a> <span class='md-tag md-tag--info'>⭐ 3388</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-256c10e7" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 13 L 10 10 L 20 3 L 30 7 L 40 4 L 50 5" fill="none" stroke="url(#spark-grad-256c10e7)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="5" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> 🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[ENTERPRISE-STABLE]</span> — An open-source utility that monitors local AWS CLI or SDK actions via a proxy engine to dynamically generate minimal-privilege IAM policies. This tool reduces the manual work of writing policies by creating accurate least-privilege configurations based on actual API calls.</li>
<li><strong>(2023)</strong> <a href="https://github.com/awslabs/cognito-at-edge">awslabs/cognito-at-edge</a> <span class='md-tag md-tag--info'>⭐ 238</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-c126fe85" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 3 L 10 9 L 20 12 L 30 12 L 40 5 L 50 5" fill="none" stroke="url(#spark-grad-c126fe85)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="5" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[TYPESCRIPT CONTENT]</span> 🌟🌟 <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An AWS Labs utility for parsing and verifying Amazon Cognito user authentication tokens directly inside CloudFront Lambda@Edge functions. This shifts JWT parsing to the network edge, avoiding cold starts on regional API servers.</li>
<li><strong>(2026)</strong> <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started.html">AWS Identity and Access Management - Getting Started</a> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — The baseline documentation for initiating user and role profiles under AWS IAM. Establishes standard conceptual understandings of IAM JSON constructs, execution context, resource-based policies, and the configuration of multi-factor authentication.</li>
<li><strong>(2023)</strong> <a href="https://aws.amazon.com/es/blogs/security/new-iamctl-tool-compares-multiple-iam-roles-and-policies">New IAMCTL tool compares multiple IAM roles and policies</a> <span class='md-tag md-tag--warning'>[ENGLISH/SPANISH CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Introduces iamctl, a command-line tool designed to query, compare, and diff multi-account AWS IAM role schemas and security profiles. This utility prevents configuration drift and minimizes human error in pipeline-driven IAM updates.</li>
<li><strong>(2022)</strong> <a href="https://www.infoq.com/news/2022/01/aws-iam-s3-access">infoq.com: Incorrect IAM Policy Raised Questions About AWS Access to S3 Data</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An InfoQ news analysis detailing a public debate over AWS default managed policy definitions and their theoretical data exposure risks. It highlights why security engineers must review managed boundaries and use customer-defined resource limits for strict security.</li>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/blogs/security/how-to-automate-aws-account-creation-with-sso-user-assignment">How to automate AWS account creation with SSO user assignment</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An automation blueprint detailing programmatic AWS account creation and scaling under AWS Organizations. Details integration with IAM Identity Center (formerly AWS SSO) to automate standard permission set attachments and directory-level user allocation during tenancy bootstrap.</li>
<li><strong>(2021)</strong> <a href="https://darryl-ruggles.cloud/aws-sso-credentials-with-multiple-accounts">darryl-ruggles.cloud: AWS SSO Credentials With Multiple Accounts</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A developer-oriented guide for managing local terminal environment configurations with AWS SSO credentials across massive multi-account trees. It demonstrates terminal configuration methods to automate key refreshing and switch profiles without manual friction.</li>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/about-aws/whats-new/2021/03/iam-access-analyzer-supports-over-100-policy-checks-with-actionable-recommendations">aws.amazon.com: IAM Access Analyzer now supports over 100 policy checks with actionable recommendations to help you author secure and functional policies</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Product release notes detailing major updates in AWS IAM Access Analyzer, introducing over 100 automated checks with recommendations to help security teams author secure and functional IAM policies.</li>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/blogs/aws/iam-access-analyzer-update-policy-validation">aws.amazon.com: IAM Access Analyzer Update Policy Validation</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A deep dive into policy validation capabilities inside AWS IAM Access Analyzer. It explains how the engine uses mathematical logic to find grammar issues, security slips, or over-permissive configurations directly during the authoring phase.</li>
<li><strong>(2021)</strong> <a href="https://netflixtechblog.com/consoleme-a-central-control-plane-for-aws-permissions-and-access-fd09afdd60a8">netflixtechblog.com: ConsoleMe: A Central Control Plane for AWS Permissions and Access</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An architectural breakdown of ConsoleMe, Netflix's open-source control plane for managing AWS permissions. It abstracts IAM complexity for developers through a web interface, automating least-privilege policy generation based on runtime log findings.</li>
<li><strong>(2021)</strong> <a href="https://cloudkatha.com/difference-between-root-user-and-iam-user-in-aws-you-need-to-know">cloudkatha.com: Difference between Root User and IAM User in AWS You Need to Know</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A straightforward guide detailing the differences between an AWS account's root user credentials and standard delegated IAM identities. Emphasizes security best practices, such as disabling root access keys and using delegated roles for daily maintenance.</li>
<li><strong>(2021)</strong> <a href="https://www.daan.fyi/writings/iam">daan.fyi: AWS IAM Demystified</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An explanatory technical guide dissecting the evaluation logic of AWS IAM. Details step-by-step how explicit denials, SCP boundaries, resource-based policies, and permission sets interact dynamically to help developers troubleshoot access-denied errors.</li>
</ul>
<h4 id="infrastructure-management">Infrastructure Management<a class="headerlink" href="#infrastructure-management" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/es/blogs/mt/bring-your-own-cli-session-manager-configurable-shell-profiles">Bring your own CLI to Session Manager with configurable shell profiles</a> <span class='md-tag md-tag--warning'>[ENGLISH/SPANISH CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An implementation guide for setting up customizable shell profiles inside AWS Systems Manager (SSM) Session Manager. It enables operators to access secure terminal connections on EC2 machines while applying automated command restrictions and central logging configurations.</li>
</ul>
<h4 id="networking">Networking<a class="headerlink" href="#networking" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://www.linkedin.com/pulse/complexities-aws-security-groups-cloud-world-ashish-kar">linkedin.com: Complexities of AWS Security Groups in the Cloud World</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A pragmatic assessment of structural limits and networking complexities when handling AWS Security Groups at enterprise scale. Covers limits on rule volume, challenges with nested rules, and operational strategies for transitioning to centralized firewalls or transit gateways.</li>
</ul>
<h4 id="saas-architecture">SaaS Architecture<a class="headerlink" href="#saas-architecture" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/blogs/security/security-practices-in-aws-multi-tenant-saas-environments">Security practices in AWS multi-tenant SaaS environments</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An analytical guide establishing SaaS tenant isolation policies on AWS. Discusses partitioning patterns across compute resources, dynamically generating short-lived IAM session credentials to enforce data-layer security boundaries, and configuring tenant-specific encryption keys via KMS.</li>
</ul>
<h4 id="secrets-management">Secrets Management<a class="headerlink" href="#secrets-management" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2022)</strong> <a href="https://github.com/aws-samples/aws-secrets-manager-hybrid-secret-replication-from-hashicorp-vault">github.com/aws-samples: How to set up continuous replication from your third-party' secrets manager to AWS Secrets Manager</a> <span class='md-tag md-tag--info'>⭐ 16</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-0ba6e5a7" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 12 L 10 12 L 20 5 L 30 11 L 40 10 L 50 13" fill="none" stroke="url(#spark-grad-0ba6e5a7)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="13" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[PYTHON/TERRAFORM CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> 🌟 <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An AWS-samples repository containing code to continuously replicate secret assets between external managers (such as HashiCorp Vault) and AWS Secrets Manager. Features serverless execution scripts to maintain secrets synchronization across hybrid-cloud infrastructures.</li>
</ul>
<h4 id="security-auditing">Security Auditing<a class="headerlink" href="#security-auditing" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2022)</strong> <a href="https://aws.amazon.com/blogs/security/how-to-use-aws-security-hub-and-amazon-opensearch-service-for-siem">How to use AWS Security Hub and Amazon OpenSearch Service for SIEM</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A reference architecture blueprint demonstrating how to centralize finding logs from AWS Security Hub and ingestion-routing them into Amazon OpenSearch Service. It serves as a cost-effective, real-time Security Information and Event Management (SIEM) dashboard for continuous log investigation.</li>
<li><strong>(2021)</strong> <a href="https://www.pluralsight.com/resources/blog/cloud/how-to-audit-and-secure-an-aws-account">acloudguru.com: How to audit and secure an AWS account</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A security auditor's checklist for securing AWS account topologies. Outlines strategies for enforcing Multi-Factor Authentication (MFA), isolating billing lines, establishing AWS Organizations boundaries, locking down default root configuration, and initiating persistent CloudTrail logs.</li>
</ul>
<h4 id="security-and-compliance">Security and Compliance<a class="headerlink" href="#security-and-compliance" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2023)</strong> <a href="https://github.com/aws-samples/service-control-policy-examples">github.com/aws-samples: Service Control Policy examples</a> <span class='md-tag md-tag--info'>⭐ 305</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-888f3d62" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 11 L 10 11 L 20 13 L 30 9 L 40 2 L 50 6" fill="none" stroke="url(#spark-grad-888f3d62)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="6" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[JSON CONTENT]</span> 🌟🌟 <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated directory of structural AWS Service Control Policies (SCPs) utilized within AWS Organizations. It provides architectural JSON blocks to establish hard regional restrictions, enforce multi-factor authentication, restrict dangerous actions, and protect critical cloud monitoring tools.</li>
<li><strong>(2026)</strong> <a href="https://blogs.aws.amazon.com/security">AWS Security Blog</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — The primary industry-standard corporate security blog by Amazon Web Services, offering continuous, authoritative updates on zero-trust implementation, threat remediation, access control patterns, and regulatory cloud compliance alignments.</li>
<li><strong>(2026)</strong> <a href="https://aws.amazon.com/security">AWS Security</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Official AWS portal showcasing native infrastructure security solutions. Focuses on physical data center compliance, hypervisor-level boundaries, AWS Shield protection, and global compliance standards (ISO, SOC, and PCI DSS).</li>
<li><strong>(2026)</strong> <a href="https://docs.aws.amazon.com/security">AWS Security docs</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — The main technical documentation index containing exhaustive API references and deployment guides for AWS identity management, key rotation mechanisms, network firewalls, and security telemetry platforms.</li>
<li><strong>(2024)</strong> <a href="https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture">docs.aws.amazon.com: AWS Security Reference Architecture (AWS SRA) 🌟</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — The master prescriptive reference architecture detailing AWS multi-account deployment models. Considers native configurations for security organization units, delegated admin accounts, centralized log aggregation (S3/CloudTrail), and dynamic remediation pipelines.</li>
<li><strong>(2024)</strong> <a href="https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/application-security.html">docs.aws.amazon.com: Application security</a> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Part of the AWS Well-Architected Framework, this section outlines fundamental standards for securing codebases and application delivery models. Focuses on setting up automated continuous security scanning (SAST/DAST), secrets tracking, container execution boundaries, and secure package curation.</li>
<li><strong>(2023)</strong> <a href="https://aws.amazon.com/blogs/security/update-of-aws-security-reference-architecture-is-now-available">aws.amazon.com: Update of AWS Security Reference Architecture is now available</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An architectural announcement detailing updates made to the AWS Security Reference Architecture (SRA). Details integrations with newly evolved AWS security services, updated multi-account strategies, and delegation changes designed to simplify operational overhead.</li>
<li><strong>(2016)</strong> <a href="https://aws.amazon.com/about-aws/whats-new/2016/06/learn-aws-security-fundamentals-with-free-and-online-training">Learn AWS Security Fundamentals with Free and Online Training</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Historical training material landing page detailing basic AWS security constructs. Highly useful for onboarding developers to the AWS Shared Responsibility Model, VPC security groups, IAM users, and primitive API auditing.</li>
<li><strong>(2016)</strong> <a href="https://aws.amazon.com/about-aws/whats-new/2016/05/pci-dss-standardized-architecture-on-the-aws-cloud-quick-start-reference-deployment">PCI DSS Standardized Architecture on the AWS Cloud: Quick Start Reference Deployment</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Historical release information outlining AWS's automated Quick Start reference architecture blueprint for PCI DSS Level 1 compliance. Provides pre-built CloudFormation nesting designs designed to construct multi-tier secure enclaves on AWS.</li>
</ul>
<h4 id="sustainability">Sustainability<a class="headerlink" href="#sustainability" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2023)</strong> <a href="https://github.com/awslabs/sustainability-scanner">github.com/awslabs/sustainability-scanner: Sustainability Scanner (SusScanner)</a> <span class='md-tag md-tag--info'>⭐ 124</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-fefd9627" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 13 L 10 2 L 20 8 L 30 3 L 40 3 L 50 12" fill="none" stroke="url(#spark-grad-fefd9627)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="12" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[PYTHON CONTENT]</span> 🌟🌟 <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An AWS Labs security linter (SusScanner) designed to parse CloudFormation templates, highlighting optimization and resource usage anomalies. The tool aids in reducing carbon footprints and waste overhead by aligning resource choices with the AWS Sustainability Pillar.</li>
</ul>
<h4 id="vulnerability-management">Vulnerability Management<a class="headerlink" href="#vulnerability-management" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2016)</strong> <a href="https://aws.amazon.com/es/about-aws/whats-new/2016/08/amazon-inspector-announces-general-availability-for-windows">Amazon Inspector Announces General Availability for Windows</a> <span class='md-tag md-tag--warning'>[SPANISH CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Historical announcement outlining Amazon Inspector's release of vulnerability assessment scanning support on Windows Server instances. While foundational, modern operators should reference later Amazon Inspector v2 capabilities for unified container and EC2 scanning.</li>
</ul>
<h3 id="aws-governance">AWS Governance<a class="headerlink" href="#aws-governance" title="Permanent link">&para;</a></h3>
<h4 id="access-control">Access Control<a class="headerlink" href="#access-control" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2022)</strong> <a href="https://aws.amazon.com/blogs/mt/simplifying-permissions-management-at-scale-using-tags-in-aws-organizations">Simplifying permissions management at scale using tags in AWS Organizations</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Explains how Attribute-Based Access Control (ABAC) can scale within AWS Organizations using tag propagation. By tying access control permissions to metadata tags applied to AWS accounts and resources, architectures can achieve dynamic permission management that automatically scales as new resources are provisioned.</li>
</ul>
<h4 id="compliance-frameworks">Compliance Frameworks<a class="headerlink" href="#compliance-frameworks" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2022)</strong> <a href="https://aws.amazon.com/blogs/mt/standardize-compliance-in-aws-using-devops-and-a-cloud-center-of-excellence-ccoe-approach">Standardize compliance in AWS using DevOps and a Cloud Center of Excellence (CCOE) approach</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Details institutional frameworks for establishing a Cloud Center of Excellence (CCoE) to govern multi-account AWS environments. It details the alignment of continuous integration pipelines, automated compliance scanning, and guardrail enforcement to deliver standardized, compliant patterns across large enterprises.</li>
</ul>
<h4 id="landing-zone-automation">Landing Zone Automation<a class="headerlink" href="#landing-zone-automation" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2023)</strong> <a href="https://aws.amazon.com/about-aws/whats-new/2023/11/automate-aws-control-tower-zone-operations-apis">aws.amazon.com: Automate AWS Control Tower landing zone operations using APIs</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An engineering overview of API-driven landing zone automation. By leveraging AWS SDKs and CLI commands for Control Tower lifecycle events, platform teams can programmatically deploy, upgrade, and track the compliance state of landing zones within their CI/CD release cycles.</li>
</ul>
<h4 id="multi-account-strategy">Multi-Account Strategy<a class="headerlink" href="#multi-account-strategy" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2024)</strong> <a href="https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/organizing-your-aws-environment.html">Organizing Your AWS Environment Using Multiple Accounts (white paper for best practices)</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — The official AWS framework defining multi-account best practices using AWS Organizations and AWS Control Tower. It outlines critical isolation patterns for security, billing, and operational autonomy. Architecturally, it serves as the foundation for modern enterprise landing zones, ensuring strict blast-radius limitation.</li>
<li><strong>(2024)</strong> <a href="https://wut.dev/blog/2024/07/05/moving-aws-accounts-within-organization.html">blog.wut.dev: Moving AWS Accounts and OUs Within An Organization - Not So Simple!</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A highly practical analysis of the pitfalls and administrative hurdles encountered when migrating AWS accounts between Organizational Units (OUs) or organizations. It examines the operational impact on Service Control Policies (SCPs), resource shares, CloudFormation StackSets, and global integrations during transition phases.</li>
</ul>
<h3 id="certification">Certification<a class="headerlink" href="#certification" title="Permanent link">&para;</a></h3>
<h4 id="aws-2">AWS (2)<a class="headerlink" href="#aws-2" title="Permanent link">&para;</a></h4>
<h5 id="solutions-architect-professional">Solutions Architect Professional<a class="headerlink" href="#solutions-architect-professional" title="Permanent link">&para;</a></h5>
<ul>
<li><strong>(2020)</strong> <a href="https://www.linkedin.com/top-content/?trk=article_not_found">Tips on Passing AWS Certified Solutions Architect - Professional Level</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A strategic study guide for passing the AWS Certified Solutions Architect - Professional exam. The content focuses on advanced architectural design patterns, multi-tier application migration, cost optimization, and high-availability setups across complex AWS environments. Curator Insight: Highly structured blueprint for enterprise AWS exam prep. Live Grounding: Real-world value lies in understanding multi-account strategies, organizational governance, and security at scale.</li>
</ul>
<h2 id="cloud-engineering">Cloud Engineering<a class="headerlink" href="#cloud-engineering" title="Permanent link">&para;</a></h2>
<h3 id="devsecops">DevSecOps<a class="headerlink" href="#devsecops" title="Permanent link">&para;</a></h3>
<h4 id="security">Security<a class="headerlink" href="#security" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2024)</strong> <a href="https://www.wiz.io/blog/avoiding-mistakes-with-aws-oidc-integration-conditions">Avoiding Mistakes with AWS OIDC Integration Conditions</a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A security deep dive into AWS IAM OIDC trust relationships. Explains how misconfigured OIDC settings can allow unauthorized actions in GitHub Actions pipelines and outlines steps to prevent account compromise.</li>
</ul>
<h2 id="cloud-native-platforms">Cloud Native Platforms<a class="headerlink" href="#cloud-native-platforms" title="Permanent link">&para;</a></h2>
<h3 id="azure">Azure<a class="headerlink" href="#azure" title="Permanent link">&para;</a></h3>
<h4 id="security-automation">Security Automation<a class="headerlink" href="#security-automation" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2024)</strong> <a href="https://cloudbuild.co.uk/free-automated-lets-encrypt-certificates-in-azure-key-vault-with-acme-bot-a-step-by-step-guide">Automated Let's Encrypt Certificates in Azure Key Vault with ACME Bot</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Step-by-step instructional resource on deploying ACME Bot inside Azure. Automates key lifecycles of Let's Encrypt certificates directly into secure Key Vaults.</li>
</ul>
<h2 id="devsecops-1">DevSecOps (1)<a class="headerlink" href="#devsecops-1" title="Permanent link">&para;</a></h2>
<h3 id="policy-as-code">Policy as Code<a class="headerlink" href="#policy-as-code" title="Permanent link">&para;</a></h3>
<h4 id="open-policy-agent">Open Policy Agent<a class="headerlink" href="#open-policy-agent" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2022)</strong> <a href="https://aws.amazon.com/blogs/opensource/realize-policy-as-code-with-aws-cloud-development-kit-through-open-policy-agent">Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent 🌟</a> <span class='md-tag md-tag--warning'>[TYPESCRIPT/REGO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A detailed walk-through demonstrating Policy-as-Code setups within AWS CDK deployment models using Open Policy Agent (OPA). Teaches engineers how to compile cloud infrastructure representations and parse them against Rego policies to catch insecure setups before resource creation.</li>
</ul>
<h2 id="security-1">Security (1)<a class="headerlink" href="#security-1" title="Permanent link">&para;</a></h2>
<h3 id="identity-and-access">Identity and Access<a class="headerlink" href="#identity-and-access" title="Permanent link">&para;</a></h3>
<h4 id="aws-iam">AWS IAM<a class="headerlink" href="#aws-iam" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2022)</strong> <a href="https://www.tenable.com/blog/diving-deeply-into-iam-policy-evaluation-highlights-from-aws-reinforce-iam433">ermetic.com: Diving Deeply into IAM Policy Evaluation Highlights from AWS re:Inforce IAM433</a> <span class='md-tag md-tag--warning'>[JSON CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> <span class='md-tag md-tag--secondary'>[GUIDE]</span> — An in-depth analysis of AWS Identity and Access Management policy logic based on re:Inforce insights. Decodes complex interaction flows between implicit and explicit denies, SCP policies, permissions boundaries, and resource-based rules.</li>
</ul>
<h2 id="security-and-compliance-1">Security and Compliance (1)<a class="headerlink" href="#security-and-compliance-1" title="Permanent link">&para;</a></h2>
<h3 id="linux-hardening">Linux Hardening<a class="headerlink" href="#linux-hardening" title="Permanent link">&para;</a></h3>
<h4 id="system-administration">System Administration<a class="headerlink" href="#system-administration" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2026)</strong> <a href="https://github.com/imthenachoman/How-To-Secure-A-Linux-Server"><mark>How-To Secure A Linux Server</mark></a> <span class='md-tag md-tag--info'>⭐ 27773</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-32d078ce" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 2 L 10 5 L 20 2 L 30 6 L 40 2 L 50 5" fill="none" stroke="url(#spark-grad-32d078ce)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="5" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[SHELL CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — A highly comprehensive, widely reference-validated repository providing detailed, step-by-step instructions for securing enterprise Linux installations. Key configurations cover SSH daemon hardening, secure user boundaries, kernel performance optimizations, and automated intrusion monitoring. In modern 2026 operations, this guide remains a vital source for building secure base golden images inside automated IaC pipelines.</li>
</ul>
<h2 id="security-and-governance">Security and Governance<a class="headerlink" href="#security-and-governance" title="Permanent link">&para;</a></h2>
<h3 id="cicd-security">CICD Security<a class="headerlink" href="#cicd-security" title="Permanent link">&para;</a></h3>
<h4 id="azure-and-github-integration">Azure and GitHub Integration<a class="headerlink" href="#azure-and-github-integration" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2022)</strong> <a href="https://thomasthornton.cloud/deploying-to-azure-secure-your-github-workflow-with-oidc">Deploying to Azure: Secure Your GitHub Workflow with OIDC</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Analyzes the mechanism of securing deployment pipelines on Azure by leveraging GitHub Actions with OIDC federation. This setup eliminates credential rotation burdens and prevents high-privilege credential leakage. The article guides developers through creating federated credentials in Azure AD and configuring GitHub workflows for passwordless authentication.</li>
</ul>
<h2 id="security-and-identity">Security and Identity<a class="headerlink" href="#security-and-identity" title="Permanent link">&para;</a></h2>
<h3 id="aws-iam-1">AWS IAM (1)<a class="headerlink" href="#aws-iam-1" title="Permanent link">&para;</a></h3>
<h4 id="access-control-1">Access Control (1)<a class="headerlink" href="#access-control-1" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2023)</strong> <a href="https://aws.amazon.com/blogs/security/when-and-where-to-use-iam-permissions-boundaries">aws.amazon.com: When and where to use IAM permissions boundaries</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A comprehensive architectural guide on implementing AWS IAM permissions boundaries to delegate authority safely. It explains how to set the maximum privilege level for IAM principals, enabling developers to create roles without escalating privileges. Essential for scaling IAM governance in decentralized engineering organizations.</li>
</ul>
<h4 id="compliance-and-monitoring">Compliance and Monitoring<a class="headerlink" href="#compliance-and-monitoring" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://github.com/aws-samples/visualize-iam-access-analyzer-policy-validation-findings"><mark>github.com/aws-samples: Visualize AWS IAM Access Analyzer Policy Validation' Findings</mark></a> <span class='md-tag md-tag--info'>⭐ 21</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-69986120" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 11 L 10 13 L 20 13 L 30 10 L 40 12 L 50 12" fill="none" stroke="url(#spark-grad-69986120)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="12" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[PYTHON CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — A reference implementation that automates the visualization of AWS IAM Access Analyzer validation findings. By routing findings through Amazon EventBridge, AWS Lambda, and QuickSight, it provides operations teams with a visual dashboard of policy syntax issues and non-compliant definitions across multiple accounts.</li>
<li><strong>(2022)</strong> <a href="https://aws.amazon.com/blogs/security/how-to-monitor-and-query-iam-resources-at-scale-part-1">How to monitor and query IAM resources at scale Part 1</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Technical guide on orchestrating AWS IAM visibility at scale using AWS Config, Amazon Athena, and Amazon QuickSight. It outlines data pipeline architectures to aggregate, query, and visualize IAM configurations across an entire AWS Organization, enabling rapid detection of security regressions and unmanaged IAM entities.</li>
</ul>
<h4 id="credential-management">Credential Management<a class="headerlink" href="#credential-management" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://github.com/willdady/cdk-iam-credentials-rotator"><mark>willdady/cdk-iam-credentials-rotator: IAM Credentials Rotator</mark></a> <span class='md-tag md-tag--info'>⭐ 17</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-e8f14b1e" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 6 L 10 2 L 20 6 L 30 10 L 40 5 L 50 5" fill="none" stroke="url(#spark-grad-e8f14b1e)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="5" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[TYPESCRIPT CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — An AWS CDK construct designed to automatically rotate IAM credentials using AWS Lambda. This tool mitigates security risks of long-lived access keys by orchestrating automated rotation policies via Amazon EventBridge scheduler rules. While a community-focused tool, it provides a functional baseline template for serverless compliance automation.</li>
<li><strong>(2015)</strong> <a href="https://github.com/99designs/aws-vault"><mark>AWS Vault</mark></a> <span class='md-tag md-tag--info'>⭐ 8978</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-e8e78dcc" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 9 L 10 12 L 20 5 L 30 10 L 40 6 L 50 5" fill="none" stroke="url(#spark-grad-e8e78dcc)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="5" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — The industry-standard CLI utility for securely storing and accessing AWS credentials in local development workflows. It encrypts keys in OS keystores (like macOS Keychain or KWallet) and exposes temporary STS credentials via environment variables or metadata endpoints, preventing hardcoded local credentials exposure.</li>
</ul>
<h4 id="hybrid-cloud-identity">Hybrid Cloud Identity<a class="headerlink" href="#hybrid-cloud-identity" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2022)</strong> <a href="https://aws.amazon.com/blogs/security/extend-aws-iam-roles-to-workloads-outside-of-aws-with-iam-roles-anywhere">Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere 🌟</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Official announcement and architectural guide detailing IAM Roles Anywhere. This service extends AWS IAM trust to on-premises servers, containers, and databases using X.509 PKI certificates. By eliminating the need for long-lived IAM user keys outside AWS, it significantly enhances hybrid-cloud security postures.</li>
<li><strong>(2022)</strong> <a href="https://jimmydqv.com/iam-anywhere">jimmydqv.com: AWS IAM Anywhere 🌟</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A hands-on case study explaining how to integrate on-premises ingestion workloads with AWS S3 using AWS IAM Roles Anywhere. It highlights the PKI handshake mechanism exchanging x.509 certificates for short-lived STS credentials, effectively deprecating long-lived IAM user keys in non-cloud environments.</li>
</ul>
<h4 id="least-privilege-automation">Least Privilege Automation<a class="headerlink" href="#least-privilege-automation" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://github.com/awslabs/terraform-iam-policy-validator"><mark>awslabs/terraform-iam-policy-validator</mark></a> <span class='md-tag md-tag--info'>⭐ 347</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-175a5d5c" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 7 L 10 11 L 20 5 L 30 3 L 40 11 L 50 10" fill="none" stroke="url(#spark-grad-175a5d5c)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="10" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[PYTHON CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — A command-line tool designed to parse Terraform plans and validate IAM policies against AWS IAM Access Analyzer's validation rules during CI/CD. This enables automated static security analysis of infrastructure-as-code, blocking insecure policy deployment before they reach live environments.</li>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/blogs/security/use-iam-access-analyzer-policy-generation-to-grant-fine-grained-permissions-for-your-aws-cloudformation-service-roles">Use IAM Access Analyzer policy generation to grant fine-grained permissions for your AWS CloudFormation service roles</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Detailed operational guide showing how to generate least-privilege IAM policies automatically from CloudFormation deployment histories via Access Analyzer. This workflow accelerates secure infrastructure-as-code deployments by capturing actual runtime API calls and converting them into precise, production-ready IAM policies.</li>
</ul>
<h4 id="security-analysis">Security Analysis<a class="headerlink" href="#security-analysis" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2023)</strong> <a href="https://thenewstack.io/a-deep-dive-into-the-security-of-iam-in-aws">thenewstack.io: A Deep Dive into the Security of IAM in AWS</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An exhaustive technical analysis of AWS IAM's internal security mechanics and threat vectors. The piece breaks down role assumption, principal authorization context evaluation, resource-based vs. identity-based policies, and privilege escalation patterns. Essential reading for security architects hardening AWS infrastructure.</li>
</ul>
<h4 id="single-sign-on">Single Sign-On<a class="headerlink" href="#single-sign-on" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2023)</strong> <a href="https://globaldatanet.com/tech-blog/aws-iam-identity-center-permission-management-at-scale-part-2">globaldatanet.com: .AWS IAM Identity Center Permission Management at Scale Part 2</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An in-depth guide focusing on the programmatic management of AWS IAM Identity Center (formerly AWS SSO). It explains how to deploy and scale permission sets, assignments, and identity mappings across multi-account AWS Organizations using infrastructure-as-code, drastically reducing manual administration and configuration drift.</li>
</ul>
<h3 id="network-security">Network Security<a class="headerlink" href="#network-security" title="Permanent link">&para;</a></h3>
<h4 id="threat-mitigation">Threat Mitigation<a class="headerlink" href="#threat-mitigation" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/es/blogs/security/automatically-block-suspicious-traffic-with-aws-network-firewall-and-amazon-guardduty">Automatically block suspicious traffic with AWS Network Firewall and Amazon GuardDuty</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An active threat-mitigation architectural pattern integrating AWS Network Firewall and Amazon GuardDuty. By leveraging AWS Lambda to parse GuardDuty threat alerts, the architecture dynamically injects stateful IP blocking rules into the Network Firewall, creating an automated self-healing network security perimeter.</li>
</ul>
<h4 id="web-application-protection">Web Application Protection<a class="headerlink" href="#web-application-protection" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2024)</strong> <a href="https://github.com/amazon-archives/aws-waf-sample"><mark>AWS WAF sample rules</mark></a> <span class='md-tag md-tag--info'>⭐ 511</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-4ddf4895" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 11 L 10 9 L 20 9 L 30 7 L 40 7 L 50 8" fill="none" stroke="url(#spark-grad-4ddf4895)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="8" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[JSON CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> <span class='md-tag md-tag--critical'>[LEGACY]</span> — A historical repository containing sample AWS WAF rule sets and templates. Note: This repository is now officially archived by AWS. Contemporary deployment architectures rely on AWS Managed Rules or centralized configurations managed through AWS Firewall Manager rather than maintaining customized version-one JSON rules.</li>
<li><strong>(2023)</strong> <a href="https://dev.to/aws-builders/aws-waf-web-application-firewall-deep-dive-15bd">dev.to: AWS WAF (Web Application Firewall): Deep Dive</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A comprehensive technical exploration of AWS WAF deployment strategies. It covers rule evaluation order, IP sets, custom response headers, logging architectures to Kinesis Data Firehose, and best practices for configuring rate limiting and Geo-Match restrictions.</li>
<li><strong>(2015)</strong> <a href="https://aws.amazon.com/waf">AWS WAF - Web Application Firewall</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — The cloud-native web application firewall designed to protect web applications and APIs from common web exploits and bots. Integrates directly with CloudFront, Application Load Balancers, and API Gateways, offering robust managed rule sets alongside customizable rate-limiting and custom match conditions.</li>
</ul>
<h3 id="secrets-management-1">Secrets Management (1)<a class="headerlink" href="#secrets-management-1" title="Permanent link">&para;</a></h3>
<h4 id="disaster-recovery">Disaster Recovery<a class="headerlink" href="#disaster-recovery" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions">How to replicate secrets in AWS Secrets Manager to multiple Regions</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Architectural blueprint describing how to orchestrate multi-region secrets replication natively via AWS Secrets Manager. It explains synchronization mechanics, KMS encryption wrapping at rest in target regions, and read-replica endpoint configurations to guarantee low-latency access and cross-region disaster recovery capability.</li>
</ul>
<h4 id="kubernetes-integration">Kubernetes Integration<a class="headerlink" href="#kubernetes-integration" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2020)</strong> <a href="https://aws.amazon.com/blogs/containers/aws-secrets-manager-controller-poc-an-eks-operator-for-automatic-rotation-of-secrets">AWS Secrets Manager controller POC: an EKS operator for automatic rotation of secrets</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A proof-of-concept EKS Kubernetes Operator designed to synchronize and rotate AWS Secrets Manager secrets within EKS clusters automatically. It showcases pattern integration between AWS APIs and native Kubernetes Secret resources, reducing custom scripting for containerized application workloads.</li>
</ul>
<h4 id="lifecycle-management">Lifecycle Management<a class="headerlink" href="#lifecycle-management" title="Permanent link">&para;</a></h4>
<ul>
<li><strong>(2021)</strong> <a href="https://k21academy.com/aws-cloud/aws-secrets-manager">k21academy.com: AWS Secrets Manager</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A foundational technical guide to the architecture and operational model of AWS Secrets Manager. The article discusses integration mechanics with AWS RDS, IAM authorization policies, automated rotation via pre-configured Lambda templates, and encryption envelope methods using KMS.</li>
</ul>
<hr />
<p>💡 <strong>Explore Related:</strong> <a href="../GoogleCloudPlatform/">Googlecloudplatform</a> | <a href="../aws-pricing/">AWS Pricing</a> | <a href="../aws-spain/">AWS Spain</a></p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
Back to top
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2026 Nubenetes Agentic Intelligence
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://github.com/nubenetes/awesome-kubernetes" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M173.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M252.8 8C114.1 8 8 113.3 8 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C436.2 457.8 504 362.9 504 252 504 113.3 391.5 8 252.8 8M105.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</a>
<a href="https://twitter.com/nubenetes" target="_blank" rel="noopener" title="twitter.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M459.4 151.7c.3 4.5.3 9.1.3 13.6 0 138.7-105.6 298.6-298.6 298.6-59.5 0-114.7-17.2-161.1-47.1 8.4 1 16.6 1.3 25.3 1.3 49.1 0 94.2-16.6 130.3-44.8-46.1-1-84.8-31.2-98.1-72.8 6.5 1 13 1.6 19.8 1.6 9.4 0 18.8-1.3 27.6-3.6-48.1-9.7-84.1-52-84.1-103v-1.3c14 7.8 30.2 12.7 47.4 13.3-28.3-18.8-46.8-51-46.8-87.4 0-19.5 5.2-37.4 14.3-53C87.4 130.8 165 172.4 252.1 176.9c-1.6-7.8-2.6-15.9-2.6-24C249.5 95.1 296.3 48 354.4 48c30.2 0 57.5 12.7 76.7 33.1 23.7-4.5 46.5-13.3 66.6-25.3-7.8 24.4-24.4 44.8-46.1 57.8 21.1-2.3 41.6-8.1 60.4-16.2-14.3 20.8-32.2 39.3-52.6 54.3"/></svg>
</a>
<a href="https://www.linkedin.com/groups/1937212/" target="_blank" rel="noopener" title="www.linkedin.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M416 32H31.9C14.3 32 0 46.5 0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6 0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3M135.4 416H69V202.2h66.5V416zM102.2 96a38.5 38.5 0 1 1 0 77 38.5 38.5 0 1 1 0-77m282.1 320h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"annotate": null, "base": "..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.top", "navigation.tracking", "navigation.sections", "navigation.expand", "navigation.indexes", "search.suggest", "search.highlight", "search.share", "content.code.copy", "content.action.view", "content.action.edit", "content.tooltips", "navigation.prune", "toc.integrate"], "search": "../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
<script src="../assets/javascripts/bundle.79ae519e.min.js"></script>
<script src="../static/v2_filter.js"></script>
</body>
</html>