Security
- Stop copying AWS managed policies — deny what you don't want instead
- The IAM policy controls access — the document controls how people feel about it
- IAM trust policies silently accept wildcards in principals — and silently deny everything
- The Over-Mighty Subject: why your site repos have too much power
- Expression injection in GitHub Actions repository_dispatch — and the one-line fix
- Your CI/CD dispatch token can rewrite your infrastructure code
- What building infrastructure for a startup actually looks like
- Your ACM certificate request is a beacon — scanners are watching Certificate Transparency logs