
Tarek CHEIKH

Originally published at aws.plainenglish.io

The State of AWS Security 2026: Free Whitepaper, No Gate

Most AWS security content falls into two buckets.

Bucket one: “Enable MFA. Use least privilege. Encrypt at rest.” Thanks. Very helpful.

Bucket two: 80-page PDF from a consulting firm. 75 pages of filler. 5 pages of actual controls. Behind an email wall. Sales call follows.

Neither is useful when you need to actually secure an AWS environment on Monday morning.

I wrote something in between. Practical. Deployable.

tocconsulting.fr/whitepaper. Free PDF. No email. No signup.

What’s in it

8 chapters. 50+ security controls. 4 architecture diagrams. 14 “What Goes Wrong in Practice” sections from real audit experience.

Chapter 1: Threat Landscape

What attackers are actually doing in 2026. Capital One (SSRF + IAM misconfiguration). Codefinger (ransomware using S3 SSE-C encryption: AWS’s own feature). Sysdig’s report on AI-assisted intrusion. Supply chain attacks through abandoned S3 buckets.

Not to scare anyone. To show what was misconfigured and what would have stopped it.

Chapter 2: IAM

The longest chapter. Least privilege that works in practice. SCPs. Permission boundaries. Assume-role chains. Identity federation.

Chapter 3: Data Protection

S3 hardening. KMS encryption, SSE-S3 vs SSE-KMS, when each matters. Macie for data classification. Bucket policies that actually do what you think they do.

Chapter 4: Network Security

VPC design. Security groups vs NACLs. Zero Trust with architecture diagrams, not just the buzzword. WAF rules.

Chapter 5: Detection

CloudTrail + GuardDuty + Security Hub as a pipeline. What events to alert on. What to ignore. Custom rules for the gaps the managed services miss.

Chapter 6: Agentic AI

Everyone’s deploying Bedrock agents. Almost nobody is securing them.

Prompt injection in production. Tool-use boundaries. AI-specific IAM: what happens when your agent has an over-permissioned role (same thing as any over-permissioned identity, except the attack surface now includes natural language).

Chapter 7: Compliance

CIS, SOC 2, ISO 27001: mapped to specific AWS controls and Config rules. What auditors ask. How to have the answer ready.

Chapter 8: Action Plan

What to fix this week. What to fix this month. What to fix this quarter. Prioritized.

Quick overview

| Item | Value |
|---------------------------|-----------------------|
| Chapters | 8 |
| Security controls | 50+ |
| Architecture diagrams | 4 |
| Real-world case studies | 14 |
| Price | Free |
| Email required | No |

Companion resource

I also published 54 AWS Security Cards: one per service, with attack vectors, misconfigurations, CLI commands, and detection indicators. The whitepaper is the strategy. The cards are the per-service reference.

tocconsulting.fr/security-cards
