Infrastructure and Cloud Security
Section focus: Infrastructure and Cloud Security.
Best use: start with the section map below, then move into the deeper pages that match your role or stack.
Design note: this index was refreshed to act as a cleaner GitBook landing page instead of a plain directory listing.
Start with these pages
| Page | Why open it first |
|---|---|
| AWS IAM and Role Design | High-value page inside Infrastructure and Cloud Security. |
| AWS IAM Snippet Pack | High-value page inside Infrastructure and Cloud Security. |
| Cloud Security Across AWS, Azure, and GCP | High-value page inside Infrastructure and Cloud Security. |
| AWS Security Baseline and Top Misconfigurations | High-value page inside Infrastructure and Cloud Security. |
| Azure Security Baseline and Top Misconfigurations | High-value page inside Infrastructure and Cloud Security. |
| GCP Security Baseline and Top Misconfigurations | High-value page inside Infrastructure and Cloud Security. |
| Terraform Security Scanning and Checkov | High-value page inside Infrastructure and Cloud Security. |
| Security as Policy for Terraform and Infrastructure as Code | High-value page inside Infrastructure and Cloud Security. |
| Mozilla SOPS: age, KMS, and GitOps-Friendly Secret Workflows | High-value page inside Infrastructure and Cloud Security. |
| AWS WAF: Practical Baseline for Managed Rules, Rate Limits, and Logging | High-value page inside Infrastructure and Cloud Security. |
| Internal PKI for Microservices: mTLS, Certificate Automation, and Trust Distribution | High-value page inside Infrastructure and Cloud Security. |
| AWS and Azure KMS / HSM Key Management Patterns | Practical patterns for key hierarchy, envelope encryption, rotation, usage separation, and KMS/HSM operations. |
| Cloud Environment Security: IAM, Network, Storage, Service Configurations, Visibility, Posture, and Blast Radius | High-value page inside Infrastructure and Cloud Security. |
| Apache, NGINX, Kafka, Redis, MySQL, MariaDB, and RabbitMQ Hardening | Practical hardening map across web, messaging, cache, and database layers, including privileged-user oversight. |
| Database Activity Monitoring, Immutable Logging, and Privileged Session Management | Practical control model for database evidence, WORM storage, and admin-session oversight. |
Related sections
Intro: This section ties identity, infrastructure as code, cloud posture, Linux, and secret management into one operator-friendly track. The goal is to keep the narrative anchored in repeatable controls and repeatable failure modes.
What this page includes
- IAM and cloud posture across AWS, Azure, and GCP
- Terraform scanning and policy-as-code
- Linux and automation baselines
- Cross-links into new architecture, identity, and detection sections
Core pages in this section
- AWS IAM and Role Design
- AWS IAM Snippet Pack
- Cloud Security Across AWS, Azure, and GCP
- AWS Security Baseline and Top Misconfigurations
- AWS WAF: Practical Baseline for Managed Rules, Rate Limits, and Logging
- Internal PKI for Microservices: mTLS, Certificate Automation, and Trust Distribution
- AWS and Azure KMS / HSM Key Management Patterns
- Cloud Environment Security: IAM, Network, Storage, Service Configurations, Visibility, Posture, and Blast Radius
- Apache, NGINX, Kafka, Redis, MySQL, MariaDB, and RabbitMQ Hardening
- Database Activity Monitoring, Immutable Logging, and Privileged Session Management
- Azure Security Baseline and Top Misconfigurations
- GCP Security Baseline and Top Misconfigurations
- Attack Paths and Misconfigurations
- Terraform Security Scanning and Checkov
- Security as Policy for Terraform and Infrastructure as Code
- Infrastructure as Code Maturity and Test Strategy
- Terraform Snippet Pack
- Terraform Top 10 Misconfigurations
- Linux Base Image and Host Security Baseline
- Ansible Security Baseline and Top 10 Misconfigurations
- Ansible for EC2 Host Security: 7 High-Value Tasks That Actually Matter
- Linux Host Security: Top 10 Misconfigurations and a Fast Audit Playbook
- Secret Management on HashiCorp Vault
- Mozilla SOPS: age, KMS, and GitOps-Friendly Secret Workflows
- Vault Installation, HA, and Automation Pack
- Cloud Auditing by API and Configuration State
- Cloud Audit Cookbook by Provider
- Semgrep for Cloud Security and Infrastructure as Code
Cross-links
- CI/CD and Software Supply Chain Security
- Container and Kubernetes Security
- Identity and Platform Access
- Secure Architecture Patterns
Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.