KKloud TarusKKloud Tarus
  • Blog
  • Series
  • Team
  • About

Blog

Thoughts on engineering, design, and building great products.

SeriesAll postsIAMAIAPFAPIAPI GatewayARPAWSAdmissionAffinityAggregationAnsibleAppArmorArchitectureAuthenticationAuthorization
Security: IAM Least-Privilege, Throttlin...
AWSIAM

Security: IAM Least-Privilege, Throttling, and WAF

Tighten security for the product. Shrink each function's IAM to exactly the actions it needs instead of granting the whole read-write set, set throttling at API Gateway to fight abuse, discuss where to store secrets, and how to attach WAF to an HTTP API. Verify that least-privilege doesn't break functionality, and watch the system shed load when flooded.

K
KaiMay 26, 2026· 17 views
Foundation: IAM Service Roles and the S3...
AWSCI/CD

Foundation: IAM Service Roles and the S3 Artifact Bucket

Before building the pipeline you need two foundations: IAM service roles that let AWS services act on your behalf, and an S3 bucket to hold artifacts. This article dissects how service roles and trust policies work — why a service assumes a role for temporary credentials instead of storing keys — then creates the role for CodeBuild and the artifact bucket (versioning enabled) with the AWS CLI.

K
KaiMay 25, 2026· 23 views
Open an AWS Account Safely and Set Up a ...
DevOpsSecurity

Open an AWS Account Safely and Set Up a Billing Alert

Create an AWS account the right way: enable MFA on the root account, create an IAM user for daily use, install the AWS CLI, and set a Budget so no bill catches you off guard.

K
KaiMay 23, 2026· 25 views
KKloud TarusKKloud Tarus

Explore. Build. Share.

  • Blog
  • Team
  • About
© 2026 KKloud Tarus. All rights reserved.