Technical articles on AWS, Terraform, CI/CD, Kubernetes, and cloud architecture.https://haitmg.pl/en-ushttps://haitmg.pl/blog/aws-active-abuse-detection-threat-feed/https://haitmg.pl/blog/aws-active-abuse-detection-threat-feed/cloud-audit Threat Feed v1 - 10 open source detectors mapped to documented 2025-2026 AWS incidents. Confirmed signals, strong heuristics, precursors. CLI, MIT.Tue, 12 May 2026 00:00:00 GMTawssecuritythreat-detectionopen-sourcecloud-auditincident-responseseslambdaiambedrockhttps://haitmg.pl/blog/prisma-airs-azure-scm-gotchas/https://haitmg.pl/blog/prisma-airs-azure-scm-gotchas/Field notes from building Prisma AIRS Network Intercept in Azure under Strata Cloud Manager. 8 silent failures (PBF without UDR, Target Models trap) - with fixes.Mon, 11 May 2026 00:00:00 GMTazurepalo-altoprisma-airsai-securityscmssl-decryptionsecuritynetworkinghttps://haitmg.pl/blog/self-hosted-k3s-aws-auth-benchmark/https://haitmg.pl/blog/self-hosted-k3s-aws-auth-benchmark/Side-by-side benchmark of 4 AWS auth methods for self-hosted K3s: Instance Profile, IRSA-S3, IRSA-CloudFront, Roles Anywhere. Cold start, failures, cost.Wed, 06 May 2026 00:00:00 GMTawskubernetesk3siamirsaroles-anywhereoidcsecuritydevopshttps://haitmg.pl/blog/aws-iam-privesc-scanners-benchmark/https://haitmg.pl/blog/aws-iam-privesc-scanners-benchmark/I ran 5 OSS AWS IAM privesc scanners against 57 escalation paths. Coverage ranged from 7% to 93%. Full matrix, raw outputs, and per-tool caveats inside.Tue, 28 Apr 2026 00:00:00 GMTawsiamsecurityoss-toolsprivilege-escalationbenchmarkhttps://haitmg.pl/blog/aws-bedrock-agentcore-network-modes/https://haitmg.pl/blog/aws-bedrock-agentcore-network-modes/I lab-tested all three AWS Bedrock AgentCore network modes after Unit 42's April 7 disclosure. SANDBOX now isolated, VPC mode still leaks DNS - fix inside.Mon, 27 Apr 2026 00:00:00 GMTawsbedrockagentcoresecurityai-agentsdns-firewallvpccloud-securityhttps://haitmg.pl/blog/github-actions-security-after-trivy-attack/https://haitmg.pl/blog/github-actions-security-after-trivy-attack/What failed in the Trivy and tj-actions supply chain attacks. 12 concrete hardening steps with YAML and Terraform code for GitHub Actions pipelines.Wed, 15 Apr 2026 00:00:00 GMTgithub-actionssupply-chain-securityawsci-cdsecurityoidchttps://haitmg.pl/blog/aws-security-cli-tools-2026/https://haitmg.pl/blog/aws-security-cli-tools-2026/Prowler, Trivy, CloudFox, Heimdall, and cloud-audit compared. What each does, where it falls short, and which one fits your workflow.Thu, 02 Apr 2026 00:00:00 GMTawssecurityopen-sourcedevopscloud-securityclihttps://haitmg.pl/blog/debugging-aws-iam-privilege-escalation-multi-model-ai/https://haitmg.pl/blog/debugging-aws-iam-privilege-escalation-multi-model-ai/How to debug IAM Access Denied errors, spot OIDC privilege escalation, and write Terraform fixes using multi-model AI consensus - querying multiple LLMs simultaneously to eliminate hallucinations.Sat, 28 Mar 2026 00:00:00 GMTawsiamsecurityaiterraformdevopscloud-securityhttps://haitmg.pl/blog/cis-aws-benchmark-automation/https://haitmg.pl/blog/cis-aws-benchmark-automation/Run a full CIS AWS Foundations Benchmark v3.0 assessment from your terminal. 62 controls, 55 automated, per-control Terraform remediation.Fri, 27 Mar 2026 00:00:00 GMTawssecuritycompliancecis-benchmarkterraformdevopscloud-securityopen-sourcehttps://haitmg.pl/blog/aws-security-scanners-compared/https://haitmg.pl/blog/aws-security-scanners-compared/One scanner runs 572 AWS checks. Another is unmaintained since May 2024. The third fits your CI with 94 curated checks. Real runs, not marketing.Wed, 18 Mar 2026 00:00:00 GMTawssecuritydevopsopen-sourcecloud-securityprowlerscoutsuitecloud-auditcspmhttps://haitmg.pl/blog/github-actions-oidc-aws-backdoor/https://haitmg.pl/blog/github-actions-oidc-aws-backdoor/One missing condition in your IAM trust policy exposes every role to any public GitHub repository. I found this in a live audit. Here is the one-line fix.Mon, 16 Mar 2026 00:00:00 GMTawssecuritygithub-actionsdevopsoidchttps://haitmg.pl/blog/aws-cost-waste-audit-findings/https://haitmg.pl/blog/aws-cost-waste-audit-findings/AWS cost waste averages 27-35% of cloud spend. 5 patterns I find in every audit: orphaned EBS, infinite CloudWatch retention, idle NAT Gateways, gp2 volumes, oversized RDS. CLI commands and Terraform fixes included.Sat, 14 Mar 2026 00:00:00 GMTawscost-optimizationterraformdevopscloud-architecturehttps://haitmg.pl/blog/palo-alto-vm-series-aws-transit-gateway-gwlb/https://haitmg.pl/blog/palo-alto-vm-series-aws-transit-gateway-gwlb/Three years of Palo Alto VM-Series with GWLB and Transit Gateway. 9 failure modes that cost billable hours: asymmetric routing, MTU, health checks.Tue, 10 Mar 2026 00:00:00 GMTawspalo-altosecurityterraformcloud-architecturehttps://haitmg.pl/blog/aws-network-firewall-security-test-results/https://haitmg.pl/blog/aws-network-firewall-security-test-results/Q1 2025 independent test: 12 of 2,028 exploits blocked by AWS Network Firewall. Zero against bypass techniques. Check Point and Palo Alto both above 99%.Sun, 08 Mar 2026 00:00:00 GMTawssecuritypalo-altocloud-architecturehttps://haitmg.pl/blog/aws-iam-access-denied-debugging/https://haitmg.pl/blog/aws-iam-access-denied-debugging/Since January 2026, AWS names the exact policy ARN that blocked you. 7-layer evaluation order, STS decode command, and a debugging flowchart.Sat, 07 Mar 2026 00:00:00 GMTawssecurityiamdevopshttps://haitmg.pl/blog/aws-network-firewall-vs-palo-alto-vm-series/https://haitmg.pl/blog/aws-network-firewall-vs-palo-alto-vm-series/CyberRatings Q1 2025: AWS Network Firewall blocked 0.59% of 2,028 exploits. Palo Alto scored 99.6%. Full cost and detection comparison.Wed, 04 Mar 2026 00:00:00 GMTawspalo-altosecurityterraformcloud-architecturehttps://haitmg.pl/blog/aws-security-audit-checklist/https://haitmg.pl/blog/aws-security-audit-checklist/Root without MFA, public RDS, 900-day-old keys. 17 AWS security misconfigurations I find in almost every account audit.Wed, 04 Mar 2026 00:00:00 GMTawssecuritycloud-architecturedevopshttps://haitmg.pl/blog/vulnerability-report-for-executives/https://haitmg.pl/blog/vulnerability-report-for-executives/89 CRITICAL CVEs in production, CEO wants a report by Friday. A framework for translating scan results into executive action.Sat, 28 Feb 2026 00:00:00 GMTsecurityvulnerability-managementkubernetesdevopsleadershiphttps://haitmg.pl/blog/terraform-module-validation/https://haitmg.pl/blog/terraform-module-validation/Validation blocks, preconditions, and postconditions. Three snippets you can drop into any Terraform module today. When each beats the others.Fri, 27 Feb 2026 00:00:00 GMTterraformiacawsbest-practiceshttps://haitmg.pl/blog/cloud-run-sigill-avx512-llama-cpp/https://haitmg.pl/blog/cloud-run-sigill-avx512-llama-cpp/Google silently swapped to Sapphire Rapids without AVX-512 runtime. llama.cpp crashed after 6 months working. The 20-second fix and how to detect it first.Fri, 27 Feb 2026 00:00:00 GMTcloud-rundebuggingllama-cppgcpai-infrastructure