Hardens cloud deployments by enforcing security best practices across IAM, CI/CD pipelines, and infrastructure configurations.
This skill provides comprehensive guidance for securing cloud infrastructure environments on platforms like AWS, Vercel, and Cloudflare. It assists developers in implementing the principle of least privilege for IAM, managing secrets securely via dedicated managers, hardening network configurations, and setting up robust CI/CD security audits. By using this skill, users can identify common misconfigurations like public S3 buckets or open RDS instances before deployment, ensuring compliance with industry standards and reducing the risk of data breaches through proactive infrastructure-as-code (IaC) review.
Key Features
01 3 GitHub stars
02 IAM and access control auditing with least privilege enforcement
03 Secure secrets management and automated rotation strategies
04 CI/CD pipeline security including OIDC and dependency scanning
05 Automated backup and disaster recovery planning templates
06 Network hardening for VPCs, Security Groups, and WAF configurations
Use Cases
01 Auditing existing cloud resource configurations to prevent public exposure
02 Configuring secure GitHub Actions workflows for automated cloud deployment
03 Reviewing Terraform or CloudFormation scripts for security vulnerabilities