Cloud Attack Surface: IAM graph hunting
Graph-first review of identity sprawl across multi-account AWS-style sandboxes with reconciliation dashboards you can show to platform owners.
Description
Labs emphasize reading trust policies as graphs, not lists. You will annotate risky edges, propose incremental fixes, and practice cloud cost ops conversations that win engineering time without overstating impact.
Features
- Terraform lab kit with intentional drift for reconciliation practice
- Session on mapping CI deploy roles to runtime workloads
- Heatmap worksheet for cross-org workflow approvals
- Breakout on incident records for mis-issued API keys
- Mentor office hours on tagging hygiene for spend tiers
Outcomes
- Export a graph PNG plus bullet list of five prioritized edges
- Draft a platform ticket with measurable acceptance criteria
- Explain one cloud cost ops win tied to a removed unused role
FAQ
Do you cover every hyperscaler?
Core labs use AWS-shaped accounts; concepts translate but Azure or GCP specifics require a tailored bootcamp.
VPN requirements?
You must install our WireGuard profile; split tunneling guidance is emailed before day one.
What is capped?
We cap concurrent screen shares at twelve per mentor to keep feedback sharp.
Participant notes
Graph hunting worksheet made the IAM lab feel less like a checklist and more like something we could show during engineering office hours.
— Owen Blake, Cloud security architect · KiteStack · 5/5
Remote-first format worked because breakout rooms had explicit scribe rotation—small detail but it kept notes even.
— Sora Watanabe · survey