Blog
Notes on AWS security posture from the team building Beruni. The controls behind the findings, and the patterns we keep seeing in real accounts.
Exactly what AWS permissions Beruni needs, and why
The single AWS managed policy behind Beruni's read-only role, why we use AWS's SecurityAudit policy instead of a custom one, and the ExternalId trust condition that revokes our access in one API call.
Beruni vs ScoutSuite: which AWS security tool fits your team
ScoutSuite is the free Python CLI for one-off AWS audits. Beruni is the hosted, compliance-mapped scan built for SOC 2 and PCI evidence. How to choose.
The 10 most common AWS misconfigurations we found scanning beta accounts
The 10 most common AWS misconfigurations (public S3, wildcard IAM, open SSH, default security groups, public DB snapshots), each with a one-command CLI fix.