Cloud Security / IAM

Cloud Security Hardening & Access Reduction

Improved cloud security posture by reducing standing access, strengthening identity controls, and shrinking attack surface from unused infrastructure.

AWS, IAM, SSO, Cloud Security, Least Privilege

Problem

A multi-account cloud environment had accumulated standing IAM access, orphaned resources, and overly permissive policies that expanded the attack surface unnecessarily.

Constraints

Production workloads could not be disrupted, changes required coordination across teams, and some legacy integrations depended on IAM users that needed migration paths.

Approach

Systematically audited IAM access, migrated users to SSO where possible, implemented Service Control Policies to prevent disabling security services, and retired unused resources and stale credentials.
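
The stale-credential part of an audit like this can be driven from the IAM credential report (the CSV returned by `aws iam get-credential-report`). The sketch below is an added example, not code from the engagement described here; the 90-day idle threshold, the function names, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using a subset of the IAM credential report columns.
# User names and timestamps are made up.
SAMPLE_REPORT = """user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,not_supported,2024-01-05T10:00:00+00:00,true,false,N/A,false,N/A
legacy-etl,false,N/A,false,true,2023-02-01T08:30:00+00:00,true,N/A
alice,true,2024-05-20T09:15:00+00:00,false,false,N/A,false,N/A
ci-deploy,false,N/A,false,true,2024-05-30T23:59:00+00:00,false,N/A
"""


def parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now, max_idle_days=90):
    """Return (user, issue) pairs for standing access worth reviewing."""
    cutoff = now - timedelta(days=max_idle_days)  # assumed threshold
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # Console login that is not protected by MFA.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        # Each IAM user can hold up to two access keys.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            last_used = parse_ts(row[f"access_key_{n}_last_used_date"])
            if last_used is None:
                findings.append((user, f"access key {n} active but never used"))
            elif last_used < cutoff:
                findings.append((user, f"access key {n} idle since {last_used.date()}"))
    return findings


if __name__ == "__main__":
    for user, issue in audit(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f"{user}: {issue}")
```

A key reported as never used may simply be newly issued, so findings like these are candidates for owner confirmation before deactivation, which fits the constraint that production workloads could not be disrupted.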

Outcome

Significantly reduced standing access, eliminated orphaned infrastructure, and established guardrails that prevented security controls from being accidentally or intentionally disabled.

Tools

AWS IAM, AWS Organizations, SCPs, Terraform, AWS IAM Identity Center

Key Highlights

  • IAM user reduction / SSO migration theme
  • Least privilege focus
  • Guardrails preventing threat detection disablement
  • Retirement of orphaned services and stale access
  • Attack surface reduction
Details are intentionally sanitized to protect employer and client confidentiality.