Aidan Steele's blog (usually about AWS)

Federating into Azure, GCP and AWS with OIDC

CloudTrail wish: almost granted

CloudFront-triggered S3 data event formats

CloudTrail wishlist: filtering by principal ARN

Surprising behaviour in AWS web console session duration

Gotcha: always use ARNs for S3 SSE-KMS

When AWS invariants aren't [invariant]

Deep dive into AWS CloudShell

How ima.ge.cx works

An AWS IAM Identity Center vulnerability

Reversing AWS IAM unique IDs

AWS role session tags for GitHub Actions

Useful flags for Go Lambda functions

Lambda CloudTrail data events

A role for all your EC2 instances

Improve GitHub Actions OIDC security posture with custom issuer

Centralised logging: from CloudWatch to Kinesis Firehose

Lambda extension environment variables

Configuration in the cloud

CloudFront and Lambda function URLs