Something I learned a few years back: Never read vendor or conference blogs.
The number one cause of AWS security issues is human error or not understanding what you are doing. AWS provides a hell of a lot of tooling, documentation and guidance to manage those risks out of the box. What doesn't help is buying a vendor product first and assuming it's going to do magic unicorn farts and make everything ok. What it will do is cost you a ton of money and time to tick a box somewhere that seemed like a good idea.
Someone selling a solution to those is selling you snake oil.
All of the issues identified will be picked up by Trusted Advisor or complain loudly on the IAM dashboard. If you don't notice that or don't use it, then your funeral.
I find this to be pretty unhelpful. "Do better" isn't useful or actionable otherwise everyone would already be doing it. "Trusted Advisor/ The Dashboard will tell you" is empirically unhelpful, as demonstrated by the post.
The number one cause of AWS security issues is human error or not understanding what you are doing. AWS provides a hell of a lot of tooling, documentation and guidance to manage those risks out of the box. What doesn't help is buying a vendor product first and assuming it's going to do magic unicorn farts and make everything ok. What it will do is cost you a ton of money and time to tick a box somewhere that seemed like a good idea.
Someone selling a solution to those is selling you snake oil.
All of the issues identified will be picked up by Trusted Advisor or complain loudly on the IAM dashboard. If you don't notice that or don't use it, then your funeral.