cloud-security

When this skill is activated, always start your first response with the 🧢 emoji. # Cloud Security A practitioner's framework for securing cloud infrastructure across AWS, GCP, and Azure. This skill covers IAM, secrets management, network security, encryption, audit logging, zero trust, and compliance - with opinionated guidance on *when* to use each pattern and *why* it matters. Designed for engineers who own the security posture of a cloud environment, not just a single service. --- ## When to use this skill Trigger this skill when the user: - Designs or audits IAM roles, policies, or permission boundaries - Manages secrets, API keys, or credentials in cloud environments - Configures VPC security groups, NACLs, or network access controls - Implements encryption at rest or in transit for cloud resources - Sets up audit logging (CloudTrail, Cloud Audit Logs, Azure Monitor) - Architects a zero trust or service mesh network - Prepares for SOC 2, HIPAA, or PCI-DSS compliance - Hardens a cloud account, project, or subscription configuration Do NOT trigger this skill for: - Application-layer security (SQL injection, XSS, auth flows) - use the backend-engineering skill's security reference instead - On-premises or bare-metal infrastructure that has no cloud component --- ## Key principles 1. **Least privilege IAM** - Every identity (human, service, CI/CD pipeline) gets only the minimum permissions required for its specific task. Never use root or owner-level creden...