I Collected all the Crown Jewels in the AWS Cloud

Oct 22, 2022

How Twilio Improved Control of AWS Root Credentials at Scale

Twilio was founded in 2008 to bring Twilio Programmable Voice to the market and was originally built with a small…

www.twilio.com

I recently wrote an article (link above) about a project I worked on and also spoke about it at the BSides San Diego 2022.

Here is a summary — some of the slides — that I spoke about which are worth mentioning…

Managing Thousands of root credentials for AWS Accounts

Do Credentials Management and Ownership right from the Start

Who else knows that this information is required to reset the MFA?

AWS Organization Service Control Policy Saves the Day

Security Wins — Decreased Time To Respond and Attack Surface

Everyone Loves Takeaways

Thank you all who attended and gave me feedback!

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Root Credentials

Service Control Policies

Written by cyberkravmaga

DevSecOps Servant

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

More from cyberkravmaga

The Prod’, Stag’, Dev’ Environments Misconception

cyberkravmaga

The Prod’, Stag’, Dev’ Environments Misconception

“You can test your application against my development environment.”

May 2, 2019

What does it mean to be a Dev(Sec)Ops Engineer?

In

What About Security?

by

cyberkravmaga

What does it mean to be a Dev(Sec)Ops Engineer?

As much as I try to keep this a light topic, I can’t seem to do so. There are so many skills and tasks I do everyday that involves so much…

Mar 27, 2017

Red Team the Culture with DevSecOps — A look at what it is

In

What About Security?

by

cyberkravmaga

Red Team the Culture with DevSecOps — A look at what it is

This article is a follow up to my earlier blog about what it means to be a DevSecOps engineer, as I did promise an article expressing how I…

Apr 25, 2018

Notice Device not found

In

What About Security?

by

cyberkravmaga

Eating My 2FA Dog Food and Making it Taste Good

Disclaimer: I do not represent any organization .I am not promoting nor name shaming any products. All are my own groggy opinions after…

Mar 6, 2020

See all from cyberkravmaga

Recommended from Medium

The 5 paid subscriptions I actually use in 2025 as a Staff Software Engineer

In

Level Up Coding

by

Jacob Bennett

The 5 paid subscriptions I actually use in 2025 as a Staff Software Engineer

Tools I use that are cheaper than Netflix

Jan 7

How I Am Using a Lifetime 100% Free Server

Harendra

How I Am Using a Lifetime 100% Free Server

Get a server with 24 GB RAM + 4 CPU + 200 GB Storage + Always Free

Oct 26, 2024

Lists

Natural Language Processing

1977 stories1620 saves

Mastering AWS VPC Endpoints: In-Depth Traffic Analysis and Private Connectivity

Rahulbhatia1998

Mastering AWS VPC Endpoints: In-Depth Traffic Analysis and Private Connectivity

In the world of cloud computing, security and network efficiency are paramount. AWS provides a robust mechanism to enhance both through VPC…

Nov 11, 2024

Jeff Bezos Says the 1-Hour Rule Makes Him Smarter. New Neuroscience Says He’s Right

Jessica Stillman

Jeff Bezos Says the 1-Hour Rule Makes Him Smarter. New Neuroscience Says He’s Right

Jeff Bezos’s morning routine has long included the one-hour rule. New neuroscience says yours probably should too.

Oct 30, 2024

Kubernetes

In

Stackademic

by

Crafting-Code

I Stopped Using Kubernetes. Our DevOps Team Is Happier Than Ever

Why Letting Go of Kubernetes Worked for Us

Nov 19, 2024

Google just confirmed the AI reality many programmers are desperately trying to deny

In

Coding Beauty

by

Tari Ibaba

Google just confirmed the AI reality many programmers are desperately trying to deny

AI is slowly taking over coding but many programmers are still sticking their head in the sand about what’s coming…

Feb 20

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams