AWS ASSESSMENT

A cloud security assessment covering GuardDuty, CloudTrail, and IAM hardening across production accounts.
SERVICE /
CLOUD SECURITY
CLIENT /
ENTERPRISE CLIENT
YEAR /
2024
THE PROBLEM
Production AWS accounts had grown faster than their permission model. Roles accumulated policies that nobody mapped to actual API usage. Cross-account trust relationships lacked external ID requirements. GuardDuty fired on expected CI activity often enough that teams muted findings. CloudTrail coverage had gaps the client did not know about until the assessment started. Scanner output ranked everything by generic severity instead of what could actually hurt them.
MY APPROACH
I mapped every role and policy to real API calls through CloudTrail rather than trusting what IAM said on paper. Unused permissions were removed. Trust relationships got explicit external ID requirements where cross-account access was required. GuardDuty findings were tuned against known CI patterns. Findings were ranked by blast radius so remediation order reflected business risk, not scanner defaults.
THE SOLUTION
The assessment delivered an IAM map tied to observed usage, a tuned GuardDuty baseline, and validated CloudTrail integrity across production accounts. Remediation shipped as Terraform modules so fixes persisted after the engagement ended instead of living in a PDF someone filed away.
WHAT CHANGED
The client reduced permission sprawl across production accounts, cut GuardDuty noise to actionable signal, and closed audit trail gaps. Infrastructure-as-code modules meant hardening outlasted the consultant. The report ranked what to fix first by what could actually be exploited, not by what a scanner yelled loudest about.