Thanks to folks including @frichetten.com for feedback about our Bedrock API key launch. We're listening. Yesterday, we updated Bedrock and IAM docs (see docs.aws.amazon.com/bedrock/late...) to clarify that these are service-specific credentials and how to prevent their use in your environment. 1/2

And we couldn't let August end without publishing our writeups for the @cloudvillage-dc.bsky.social CTF at @defcon.bsky.social unicrons.cloud/en/2025/08/3...

Wiz already released the new challenge for this month, so it is time to show how we solved the previous one! We always wanted to dig more about containers escaping, so it was a perfect opportunity to learn. unicrons.cloud/en/2025/08/1...

Major shout out to @andoniaf.unicrons.cloud for adding three new privilege escalation techniques to the Hacking the Cloud catalog! Contributions like this make everything possible. hackingthe.cloud/aws/exploita...

Do you want to build "the perfect pipeline"? @Paco_S and I will present "Level Up Your CI/CD: Building a secure pipeline with OSS" workshop at @cloudvillage-dc.bsky.social @defcon.bsky.social 🚀

We're at @fwdcloudsec.org and we have stickers. I do not know what else to say so just find us (or the stickers we left around 😂)

Is your boss telling you to reduce the bill? Then this meetup is perfect for you! FinOps for Engineers: How to create real impact in your organization 💸 with Ernesto Suarez, CEO at @GlassityStartup 🗓Thu, June 12 ⏰⁣18:30h 📍@FlywireEng office 📝RSVP: www.meetup.com/aws-valencia...

An AWS Documentation Change Tracker, cool 👏🏻 awssecuritychanges.com

Friendly reminder: IMDSv2 was released in November 2019. www.bleepingcomputer.com/news/securit...

"100% serverless Certificate Authority on AWS, only $50/year" Never thought I would hear all these words together😅 But it's true, go check this amazing project serverlessca.com by @paulschwarzen

Vaya, parece que @colibid también retransmite partidos de futbol de forma "ilegal"...

"Vibe coders" are in trouble... www.pillar.security/blog/new-vul...

En casa del herrero, cuchillo de palo. 😅 medium.com/@adan.alvare...

Open Cloud Security agenda is out! 🎉 opencloudsecurity.vfairs.com/en/#agenda

AWS Root Keys in Front-End Code?! Wtf 🙃 trufflesecurity.com/blog/researc...

Psychological safety is NOT about lack of disagreement. Psychological safety REQUIRES: * disagreement and debate * setting standards for behavior and performance, and enforcing them * telling people things they don't want to hear * courage, from the bottom up * humility, from the top down

I've been accepted as Security AWS Community Builder 🎉 🎉 That means more AWS Cloud Security stuff is coming! 🙌 #AWSCommunity

Do you agree with this chatGPT definition of "misconfiguration" in a cloud security context? How would you define it?

Want to foster a cost-conscious culture in your DevOps team? We loved this Reddit post (300+ upvotes) about a startup cutting its cloud bill by 40% in weeks by fostering a culture of cost / waste awareness.

blog.toshokelectric.com/blog/how-muc... "Industry has often landed on the terms “observability continuum” or “observability journey”, but let’s be clear: there are no endpoints (not observable/observable, start/end) here."

Couldn't make it to re:Invent last year? No problem, we've got you! 🤝 Viktor Vedmich, Senior Developer Advocate at AWS, is coming to Valencia with re:Invent re:Cap session. 🗓Wed, January 29 ⏰⁣ 18:00h 📍 Flywire office 📝 RSVP: t.co/Y7qmXreqjT

"@jcfarris.bsky.social's Three Laws of Cloud Security Auto Remediation" also known as "Please take into account this guardrails if you want to implement auto remediation without failing miserably" www.chrisfarris.com/post/three-l...

Making a giant mess then figuring out how to pick up the pieces might be the most efficient form of design out there. softwaredoug.com/blog/2024/12...

El próximo miércoles 20 se lía parda en la meetup de Valencia DevOps. A partir de las 18:00 en las oficinas de Flywire. Descubre por qué Nix está transformando la manera en que gestionamos entornos y dependencias en el desarrollo de software www.meetup.com/valencia-dev...

You know us, if we see a scoreboard, there we go. And last weekend, we weren't at #defcon32, but we didn't miss the opportunity to participate in the @cloudvillage_dc CTF😬 Here we you have the 5 challenges we were able to solve: https://unicrons.cloud/en/2024/08/13/writeup-cloud-village-ctf-2024/

It's been a while but the new episode of our IAM series is out! Let's talk about S3: https://unicrons.cloud/en/2024/06/01/iam-policy-mishaps-case-1---s3/

"S3 decryption works more like access control than decryption." "Therefore s3 encryption can prevent data exfiltration but is irrelevant after exfiltration." blog.plerion.com/s3-bucket-en...

We just launched unicrons.cloud. Check out our first blog post! IAM intro from our Sh3llCON talk, first episode of the series. unicrons.cloud/en/2024/02/2...