Audit-Logging

This week’s coverage centers on a theme that surfaces repeatedly in operational security reviews: the gap between what infrastructure-as-code tooling makes easy and what it makes safe. A community research project has put a sharp point on credential exposure risks in S3-hosted Terraform state, while AWS’s ongoing audit logging series offers a counterweight — concrete guidance on how to instrument S3 environments for visibility and accountability.