AWS Security, built for APRA-regulated Australia
CPS 234, CPS 230, the Cyber Security Act’s ransomware reporting, and FAR’s personal accountability mean your board now needs demonstrable, current evidence on AWS — and the existing tooling is either four years stale or thousands a month.
Big Data engineer? The free tools are still here →
15+ years platform engineering · enterprise data security at MNC scale · AWS Solutions Architect & AWS Security Specialty certified
Stay current
Map controls to real AWS services
Board-ready evidence
Featured writing
All posts →
Fix: Unencrypted S3, EBS and RDS (Encryption at Rest)
Encryption-at-rest findings come in bulk and are easy to clear with account defaults — so they should never be the thing that's still red at audit. Here's the one-time fix per service.
Fix: CloudTrail Not Multi-Region or Missing Log File Validation
If CloudTrail isn't multi-region with log file validation on, you have a blind spot and no proof your logs are untampered. Both are direct audit findings. Here's the fix.
Fix: Security Groups Open to 0.0.0.0/0 on SSH/RDP
A security group allowing the whole internet to reach port 22 or 3389 is the highest-blast-radius finding most environments have. Here's how to find them all and close them properly.
Building in the open
cps234-aws-config-pack: Updated CPS 234 / CPS 230 conformance pack for AWS Config
aiopsone-au-landing-zone: Terraform for a CPS 234-aligned landing zone + Essential Eight ML3
steampipe-mod-aws-compliance-apra: A Steampipe/Powerpipe APRA compliance mod
apra-compliance-narrator: AI tool: AWS findings → APRA-paragraph narrative reports
Before AWS Security, I spent years running Kafka, Hadoop and CDP at scale. Those free tools — the YARN calculator, HDFS planner, Spark sizer and queue designer — are still live and still free. Use the Big Data tools →
Get the CPS 234 → AWS Controls cheatsheet
A practitioner mapping of every APRA CPS 234 control to the real AWS services that satisfy it. Free — straight to your inbox.