
Chapter 7

Dorothy Gale Secures the Emerald City Cloud

Dorothy Gale, Cloud Architect at Emerald City Solutions, has just inherited a sprawling AWS environment built rapidly during the company's pandemic-era growth. The footprint includes managed Kubernetes clusters running customer workloads, a fleet of Lambda functions stitched together by API Gateway, an S3 bucket holding eight years of customer data, and a half-dozen SaaS apps that the marketing team adopted without telling IT.

Last quarter brought two scares. First, a security researcher demonstrated that a misconfigured Lambda IAM role had read access to the customer S3 bucket, and that the function had a server-side request forgery flaw an attacker could have used to pivot. (The 2019 Capital One breach followed a strikingly similar pattern: an SSRF flaw used to obtain a role's temporary credentials, then an over-privileged role used to read S3.) Second, an external auditor flagged the bucket as "public"; it later turned out the auditor had misread the bucket policy, and no object in it carried a public ACL. Either way, the auditor was unimpressed.

Dorothy now has board backing to tighten things up. Her plan covers responsibility boundaries, container and serverless hardening, API protections, governance of shadow SaaS, customer-managed encryption, and a layered control strategy that includes detective and preventative components — not just preventative.

Complete Dorothy's cloud security plan by selecting the correct option for each blank.

First, Dorothy reminds the team that under the ____, AWS is responsible for security of the cloud (hypervisor, physical data center, managed control planes), while Emerald City is responsible for security in the cloud (IAM configuration, data, OS patching where applicable, network rules).

For the Kubernetes clusters, she will require all images to pass through an ____ before they can be deployed, and she will enforce least-privilege pod identities using ____ rather than node-level credentials.
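As an added illustration of this paragraph (example code written for this page, not code from the page or from Emerald City), the following Python shows the decision logic a validating admission webhook would run on each Pod, plus the ServiceAccount manifest that binds a pod to an IAM role through IRSA. The registry name, role ARN, rule set and sample pods are assumptions; an image referenced by digest from the approved registry stands in for "passed the scanning pipeline", and the HTTPS server that receives the AdmissionReview from the API server is omitted.

```python
"""Decision logic for a validating admission webhook on the Emerald City clusters.

Added example, not code from the page. The API server would POST an
AdmissionReview to this logic over HTTPS; only the pure decision function is
shown. ALLOWED_REGISTRY, the role ARN used below and the rule set are assumptions.
"""
import re

# Assumed: the scanning pipeline pushes approved images to this registry and
# hands back an immutable digest, so "from the registry and pinned by digest"
# is the deployable evidence that an image went through it.
ALLOWED_REGISTRY = "registry.emeraldcity.example/"
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
# Static AWS keys in a container env bypass pod identity (IRSA); refuse them.
FORBIDDEN_ENV = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}


def pod_violations(pod):
    """Return human-readable violations for one Pod object (a dict from JSON)."""
    spec = pod.get("spec", {})
    problems = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, image = c.get("name", "?"), c.get("image", "")
        if not image.startswith(ALLOWED_REGISTRY):
            problems.append(f"{name}: image {image!r} is not from {ALLOWED_REGISTRY}")
        if not DIGEST_RE.search(image):
            problems.append(f"{name}: image {image!r} is not pinned by digest")
        for env in c.get("env", []):
            if env.get("name") in FORBIDDEN_ENV:
                problems.append(f"{name}: static AWS credential {env['name']} in env")
    # Identity must be explicit: the default ServiceAccount has no IAM role bound.
    if spec.get("serviceAccountName", "default") == "default":
        problems.append("pod runs as the default ServiceAccount; use an IRSA-bound one")
    return problems


def review(admission_review):
    """Build the AdmissionReview response the API server expects."""
    req = admission_review["request"]
    problems = pod_violations(req["object"])
    response = {"uid": req["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def irsa_service_account(name, namespace, role_arn):
    """ServiceAccount manifest that binds pods using it to an IAM role via IRSA.

    The annotation key is the one EKS's pod identity webhook reads; the role
    ARN is whatever least-privilege role the workload should receive.
    """
    return {
        "apiVersion": "v1",
        "kind": "ServiceAccount",
        "metadata": {
            "name": name,
            "namespace": namespace,
            "annotations": {"eks.amazonaws.com/role-arn": role_arn},
        },
    }


def _admission_request(uid, pod):
    """Wrap a Pod in the request envelope the API server sends (constructed)."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "kind": {"kind": "Pod"}, "object": pod}}


# Constructed sample pods (not real workloads): one that follows the rules and
# one that would have been deployable on the inherited clusters.
GOOD_POD = {"spec": {
    "serviceAccountName": "orders-api",
    "containers": [{"name": "api",
                    "image": ALLOWED_REGISTRY + "orders-api@sha256:" + "a" * 64}],
}}
BAD_POD = {"spec": {
    "containers": [{"name": "api", "image": "docker.io/library/nginx:latest",
                    "env": [{"name": "AWS_ACCESS_KEY_ID", "value": "<redacted>"}]}],
}}

if __name__ == "__main__":
    for label, pod in (("good", GOOD_POD), ("bad", BAD_POD)):
        print(label, review(_admission_request(label, pod))["response"])
    print(irsa_service_account("orders-api", "orders",
                               "arn:aws:iam::123456789012:role/orders-api-s3-read"))
```

Two design points: the rule rejects static AWS keys in container environment variables because they are the usual way node- or user-level credentials leak into pods once IRSA is available, and it accepts only images referenced by digest, since a mutable tag can point at a scanned image today and an unscanned one tomorrow.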

For the Lambda functions, Dorothy will scope each function's IAM role to only the specific S3 prefixes it needs, a direct application of the ____ principle. The API Gateway in front of them will enforce ____ for client-to-API authorization and ____ to blunt abuse and runaway costs.
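To make the scoping concrete, here is an added Python example (not code from the page) that builds the least-privilege policy document for one function and runs requests through a deliberately simplified IAM evaluator, so the difference between the inherited role and the scoped one can be seen offline. The bucket name, prefix, BROAD_POLICY and the sample object keys are assumptions, and the evaluator ignores SCPs, resource policies, permission boundaries and every condition operator except StringLike. The API Gateway controls mentioned in the paragraph are configured on the API itself, not in this role, and are not shown.

```python
"""Least-privilege IAM policy for one Lambda and a simplified policy evaluator.

Added example, not code from the page. The bucket name and prefixes are
assumptions; the evaluator models only identity-policy Allow/Deny with
wildcards and StringLike conditions (no SCPs, resource policies, permission
boundaries or other condition operators).
"""
import fnmatch
import json


def scoped_policy(bucket, prefixes):
    """Policy document: read and list only the given prefixes of one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "GetOwnObjects",
                "Effect": "Allow",
                "Action": "s3:GetObject",
                "Resource": [f"arn:aws:s3:::{bucket}/{p}*" for p in prefixes],
            },
            {
                # ListBucket is bucket-level, so the prefix restriction has to
                # be a condition on s3:prefix rather than on the resource ARN.
                "Sid": "ListOwnPrefixes",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{p}*" for p in prefixes]}},
            },
        ],
    }


# The shape of the role found in the incident (assumed): everything, everywhere.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _conditions_hold(condition, context):
    for operator, pairs in condition.items():
        if operator != "StringLike":
            raise NotImplementedError(f"condition operator {operator} not modelled")
        for key, patterns in pairs.items():
            # A missing context key makes a StringLike condition false.
            value = context.get(key)
            if value is None or not any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns)):
                return False
    return True


def is_allowed(policy, action, resource, context=None):
    """Explicit Deny wins; otherwise the request needs at least one matching Allow."""
    context = context or {}
    allowed = False
    for st in policy["Statement"]:
        # Action names match case-insensitively, resource ARNs case-sensitively.
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if not _conditions_hold(st.get("Condition", {}), context):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


# Assumed names for the demonstration.
BUCKET = "emerald-customer-data"
ORDERS_POLICY = scoped_policy(BUCKET, ["orders/"])
OWN_OBJECT = f"arn:aws:s3:::{BUCKET}/orders/2024/1001.json"
OTHER_OBJECT = f"arn:aws:s3:::{BUCKET}/exports/all-customers.csv"

if __name__ == "__main__":
    print(json.dumps(ORDERS_POLICY, indent=2))
    for policy_name, policy in (("broad", BROAD_POLICY), ("scoped", ORDERS_POLICY)):
        print(policy_name, "can read exports:", is_allowed(policy, "s3:GetObject", OTHER_OBJECT))
```

With the broad policy the function can read the exports prefix it has no business touching; with the scoped policy the same request fails, and so does a ListBucket call whose s3:prefix falls outside the function's own prefix. The real IAM engine adds several more layers on top of this (resource policies, SCPs, permission boundaries), all of which can only narrow what the identity policy grants.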

To discover and govern the shadow SaaS adopted by marketing, Dorothy will deploy a ____. Discovery of tenants nobody registered comes from its log-based analysis of proxy and firewall traffic, which produces the Shadow IT report; once a tenant is known and sanctioned, the same tool connects in API mode to inspect the data already stored in it.

For the customer S3 bucket, she will switch from the AWS-managed S3 key to ____, so that Emerald City owns the key policy and can disable the key or schedule its deletion on its own authority, revoking access to every object cryptographically, and so that a customer contract requiring it is met. (A KMS customer-managed key still lives inside AWS KMS; only SSE-C or client-side encryption keeps the key material entirely outside AWS.) To detect public-exposure regressions, she will turn on ____, a continuous configuration-monitoring service, rather than relying on the next annual audit.
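The detective half of this paragraph can be expressed as an added Python example (not code from the page): the evaluation function of a custom AWS Config rule that checks the bucket's Block Public Access settings, ACL, policy and default encryption, run here on two hand-constructed configuration items. The items only approximate the shape AWS Config records for AWS::S3::Bucket; the bucket name, account id, key ARN and VPC endpoint id are assumptions, and nothing here calls AWS.

```python
"""Evaluation half of a custom AWS Config rule for the customer bucket.

Added example, not code from the page. AWS Config would call this with the
recorded AWS::S3::Bucket configuration item; here the items are constructed
by hand in an approximation of that shape, and the bucket name, account id,
key ARN and VPC endpoint id are assumptions.
"""
import json

# Subset of the condition keys S3 Block Public Access treats as restricting a
# Principal "*" statement to a non-public audience.
RESTRICTING_KEYS = {
    "aws:SourceVpce", "aws:SourceVpc", "aws:SourceArn", "aws:SourceAccount",
    "aws:PrincipalArn", "aws:PrincipalAccount", "aws:PrincipalOrgID", "aws:userid",
}
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _grants_to_everyone(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_statements(policy):
    """Sids of Allow statements open to everyone with no restricting condition.

    Principal "*" alone is not public when a condition such as aws:SourceVpce
    pins down who can satisfy the statement.
    """
    sids = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not _grants_to_everyone(st.get("Principal")):
            continue
        keys = {k for operator in st.get("Condition", {}).values() for k in operator}
        if not keys & RESTRICTING_KEYS:
            sids.append(st.get("Sid", "<no Sid>"))
    return sids


def evaluate_bucket(ci):
    """Return (ComplianceType, findings) for one bucket configuration item."""
    supp = ci["supplementaryConfiguration"]
    findings = []
    bpa = supp.get("PublicAccessBlockConfiguration", {})
    if not all(bpa.get(k) for k in ("blockPublicAcls", "ignorePublicAcls",
                                    "blockPublicPolicy", "restrictPublicBuckets")):
        findings.append("Block Public Access is not fully enabled")
    for grant in supp.get("AccessControlPolicy", {}).get("grantSet", []):
        if grant.get("grantee", {}).get("URI") in PUBLIC_GRANTEES:
            findings.append(f"ACL grant to {grant['grantee']['URI']}")
    policy_text = supp.get("BucketPolicy", {}).get("policyText")
    for sid in (public_statements(json.loads(policy_text)) if policy_text else []):
        findings.append(f"bucket policy statement {sid} is public")
    rules = supp.get("ServerSideEncryptionConfiguration", {}).get("rules") or []
    if not rules:
        findings.append("no default encryption configured")
    for rule in rules:
        default = rule.get("applyServerSideEncryptionByDefault", {})
        key = default.get("kmsMasterKeyID") or ""
        # SSE-KMS with no key id, or with the aws/s3 alias, means the AWS-managed key.
        if default.get("sseAlgorithm") != "aws:kms" or not key or key.endswith("alias/aws/s3"):
            findings.append("default encryption is not SSE-KMS with a customer-managed key")
    return ("COMPLIANT" if not findings else "NON_COMPLIANT"), findings


def _bucket_ci(bpa_on, policy, key_id):
    """Constructed configuration item for the assumed customer bucket."""
    return {
        "resourceType": "AWS::S3::Bucket",
        "resourceName": "emerald-customer-data",
        "supplementaryConfiguration": {
            "PublicAccessBlockConfiguration": {k: bpa_on for k in (
                "blockPublicAcls", "ignorePublicAcls", "blockPublicPolicy", "restrictPublicBuckets")},
            "AccessControlPolicy": {"grantSet": [
                {"grantee": {"type": "CanonicalUser", "id": "owner"}, "permission": "FULL_CONTROL"}]},
            "BucketPolicy": {"policyText": json.dumps(policy)},
            "ServerSideEncryptionConfiguration": {"rules": [
                {"applyServerSideEncryptionByDefault": {"sseAlgorithm": "aws:kms", "kmsMasterKeyID": key_id}}]},
        },
    }


VPCE_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::emerald-customer-data/*",
    "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}
READ_ALL = {"Version": "2012-10-17", "Statement": [{
    "Sid": "ReadAll", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::emerald-customer-data/*"}]}
CUSTOMER_KEY = "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"

# Target state: Block Public Access on, endpoint-scoped policy, customer-managed key.
HARDENED_CI = _bucket_ci(True, VPCE_ONLY, CUSTOMER_KEY)
# A regression: Block Public Access off, a truly public statement, the AWS-managed key.
REGRESSED_CI = _bucket_ci(False, READ_ALL, "arn:aws:kms:us-east-1:123456789012:alias/aws/s3")

if __name__ == "__main__":
    for label, ci in (("hardened", HARDENED_CI), ("regressed", REGRESSED_CI)):
        print(label, evaluate_bucket(ci))
```

The policy check reproduces the distinction the auditor missed: a Principal "*" statement is public only when no restricting condition narrows who can satisfy it. The encryption check flags the aws/s3 alias, which is exactly the AWS-managed key the plan is moving away from, so the same rule catches a regression on either control.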

Finally, when customer data is deleted from S3, Dorothy must address the risk that fragments of the data remain recoverable from the underlying storage media. This residual-data risk is called ____, and the contractual mitigation is to require provider attestation of secure deletion procedures.