A cloud-native startup running entirely on AWS needed a penetration test of their infrastructure: IAM, S3, EC2, Lambda, EKS, and security groups. They had grown quickly and wanted to identify misconfigurations and over-permissive roles before scaling further.
Scope: AWS accounts (production and staging); IAM roles and policies; S3 buckets; EC2 and EKS; Lambda; VPC and security groups. Success criteria: No critical/high misconfigurations leading to privilege escalation or data exposure. Rules of engagement: testing with read-only and scoped credentials where provided; no destructive actions.
We used a combination of manual review and automated tooling (e.g. Prowler, ScoutSuite, custom scripts). Test cases included:
| Area | Test Cases Performed |
|---|---|
| IAM | Over-permissive policies, privilege escalation paths, role assumption, inline policies |
| Storage | S3 bucket ACLs and policies; public access; encryption; sensitive data exposure |
| Compute | EC2 metadata service; EKS pod security; Lambda permissions and env vars |
| Network | Security groups (0.0.0.0/0); NACLs; VPC flow logs; exposed management ports |
Standards: CIS AWS Benchmark, Well-Architected Security Pillar.
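The network row above flags security groups with ingress from 0.0.0.0/0 and exposed management ports. The following is an added illustration, not the client's code or any of the tools named above: it walks security-group data in the shape returned by `aws ec2 describe-security-groups` and reports world-reachable rules. The management-port list, severities and sample groups are assumptions constructed for the example.

```python
"""Flag EC2 security-group ingress rules reachable from any IPv4/IPv6 address."""
from typing import List

# Assumed management/database ports; adjust to the environment under review.
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP", 6443: "Kubernetes API", 5432: "PostgreSQL", 3306: "MySQL"}
WORLD = ("0.0.0.0/0", "::/0")


def _world_sources(perm: dict) -> List[str]:
    """Return the any-address CIDRs (v4 and v6) listed in one IpPermissions entry."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def audit_security_groups(groups: List[dict]) -> List[dict]:
    """Report ingress rules open to the world on all ports (critical) or a management port (high)."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            world = _world_sources(perm)
            if not world:
                continue
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            src = ",".join(world)
            # "-1" means every protocol and port; a tcp/udp 0-65535 range is equivalent.
            if proto == "-1" or (proto in ("tcp", "udp") and (lo, hi) == (0, 65535)):
                findings.append({"group": sg["GroupId"], "severity": "critical", "port": "all", "source": src})
                continue
            if proto not in ("tcp", "udp"):  # ICMP and others are outside this check
                continue
            for port, name in MANAGEMENT_PORTS.items():
                if lo <= port <= hi:
                    findings.append({"group": sg["GroupId"], "severity": "high", "port": f"{port}/{name}", "source": src})
    return findings


# Constructed sample: world-open SSH, a correctly public HTTPS rule, an all-traffic IPv6 rule,
# and RDP restricted to an internal range (not a finding).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0e4f5a6b", "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0c7d8e9f", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]},
]

if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE_GROUPS):
        print(f"{f['severity'].upper():8} {f['group']} port {f['port']} open from {f['source']}")
```

Replacing `SAMPLE_GROUPS` with the `SecurityGroups` list from a real `describe-security-groups` call makes this a read-only check suitable for the CI/CD automation mentioned later on the page.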
22 findings (5 critical, 8 high, 6 medium, 3 low). Critical included:
Remediation support included least-privilege policy examples, S3 lockdown steps, and EKS security context recommendations. Client remediated within 2 weeks; we retested and confirmed closure.
"Our cloud posture improved dramatically. Clear, actionable report." — DevOps Lead, Cloud-Native Startup
Scoped credentials and clear scope (e.g. no red-team) kept the engagement focused. For similar organizations: include all environments that touch production data; automate checks in CI/CD; plan for IAM and storage as high-priority areas.
Get a free security assessment and see how we can bring your security posture under control.