Blog Archive
Terraform IaC Pipeline with GitHub Actions: A Production-Grade Guide
A complete walkthrough for building a production-grade Terraform CI/CD pipeline using GitHub Actions — covering the bootstrap problem, multi-layer architecture, OIDC authentication, security scanning, and automated deployment to AWS ECS Fargate.
Read Post
Closing the Security Scanning Gaps in Your CI/CD Pipeline
tfsec already guards your Terraform code. But secrets, container CVEs, and vulnerable npm packages can still slip through. Here is how to close every gap with five focused tools — free, open-source, and wired into your existing GitHub Actions workflow.
Read Post
Building a Security Scan Skill with Claude Code
How I built a single Claude Code custom slash command that automatically detects your project stack and runs 11 specialized security tools — covering secrets, dependency CVEs, container images, IaC misconfigurations, and SAST across 8 languages and 7 IaC frameworks.
Read Post
Terraform Multi-Layer Architecture: Bootstrap, Foundation, Platform, Application
A practical guide to structuring Terraform into four independent layers — solving the chicken-and-egg bootstrap problem, isolating blast radius, enforcing least-privilege IAM per layer, and wiring everything together with remote state references.
Read Post
Fine-Tuning a Private LLM on AWS — Task-Specific, Secure, and Cost-Effective
A practical guide to tuning an open-weight LLM for a specific business task on AWS — covering data preparation, LoRA/PEFT fine-tuning with SageMaker Spot instances, security hardening with KMS and VPC, and keeping the entire pipeline under $10.
Read Post
AI Guardrails Security — Misconfigurations, Attacks, and Defenses
A deep-dive into the guardrail architectures of Claude, ChatGPT, Gemini, and Llama — covering the most common misconfigurations with fixes, real-world attack vectors, and a practical defense-in-depth checklist for production LLM deployments.
Read Post