RivasSec

Infrastructure. Security. Insight.

Field notes on infrastructure security, cloud hardening, Kubernetes, IAM, and OSINT by RivasSec.

Start here

DevSecOps

IAM Roles That Fail Loud: Small Defaults, Big Difference

A small Pulumi library that treats IAM safety as a precondition: mandatory permissions boundary, no wildcard trust, no wildcard actions, every opt-out explicit.

4 min read

Latest posts

IAM Roles That Fail Loud: Small Defaults, Big Difference

Posted on Tue 12 May 2026 in DevSecOps • 4 min read

aws
iam
pulumi
python
devsecops

A small Pulumi library that treats IAM safety as a precondition: mandatory permissions boundary, no wildcard trust, no wildcard actions, every opt-out explicit.

Elasticsearch Snapshot Verification, Minimal Privileges

Posted on Sun 20 April 2025 in DevSecOps • 3 min read

elasticsearch
prometheus
observability
iam

Verify Elasticsearch snapshots without manage_snapshot: minimal API key, Prometheus-friendly script, and a public tools repo for hardened monitoring automation.