A cloud setup with switches: make the storage bucket public, open a security group to 0.0.0.0/0, grant IAM admin, hardcode a secret. Each flip lights up the path an attacker takes from the internet to your data โ then fix them to go green.
Here's your cloud setup. Flip any setting to its insecure value and watch the attack path open from the internet to your data. Fix them all to go green.
Posture: Secure ยท 0 open holes
๐Internet
๐ Storage bucket
๐ Security group
๐ IAM role
๐คซ Secrets
๐ Audit logging
๐ Encryption at rest
๐ Storage bucket
๐ Security group
๐ IAM role
๐คซ Secrets
๐ Audit logging
๐ Encryption at rest
What just happened
โนMost cloud breaches aren't clever hacks โ they're configuration mistakes: a public bucket, a security group open to 0.0.0.0/0, an admin IAM role, a hardcoded secret, no audit log, no encryption.
โนEach toggle here flips one real-world setting between safe and dangerous, and shows the exact path it opens for an attacker. They stack: a public bucket AND no encryption AND no audit log is a silent, total exposure.
โนThe defense is boring and effective: safe defaults (block public access, deny-by-default, least privilege), secrets in a vault, encryption on, and audit logging always on. Make the secure choice the default, not a thing someone has to remember.