AWS Security Audit Checklist: 30 Things to Check in 2026
Most AWS accounts don’t get breached because of some exotic zero-day. They get breached - or hit with a surprise bill - because of boring, fixable misconfigurations that nobody owned: a public S3 bucket, a long-lived access key, a security group open to 0.0.0.0/0, CloudTrail that was never turned on. This is the checklist I actually run when I audit a client’s AWS account. Work through it honestly. Every box you can’t tick is a risk, a surprise bill, or a 2 a.m. incident waiting to happen. Most teams can get through it in an afternoon. ...