Tarek Cheikh
Founder & AWS Cloud Architect
You're managing hundreds of AWS resources across multiple regions. Security vulnerabilities lurk in public S3 buckets, deprecated Lambda runtimes threaten compliance, and idle EC2 instances drain your budget. Meanwhile, you're drowning in manual checks, spreadsheet inventories, and alert fatigue.
What if I told you there's a better way?
Over the next 14 episodes, I'll unveil an arsenal of production-ready scripts that have saved organizations thousands of dollars and prevented countless security incidents. Each tool comes in two flavors: a CLI version for immediate investigations and a Lambda version for automated, scheduled monitoring.
This isn't just code dumping. Each episode dives deep into:
Each script serves dual purposes:
CLI Version: Perfect for:
Lambda Version: Ideal for:
Every Lambda version includes a secret weapon: parallel region processing. While traditional scripts crawl through regions sequentially, these implementations leverage concurrent execution for 85–90% performance improvements. When you're dealing with enterprise-scale AWS environments, this isn't just convenience — it's necessity.
These scripts have:
Episode 1: "Hunting Deprecated Lambda Runtimes — Before They Become Problems"
Discover how to systematically identify Lambda functions running on deprecated runtimes across all regions. We'll explore the security implications of outdated runtimes, build both CLI and automated Lambda solutions, and implement SNS alerting that keeps your team ahead of AWS deprecation timelines.
Spoiler: The Lambda version processes 16 regions in parallel, completing in seconds what used to take minutes.
Whether you're a security engineer hunting vulnerabilities, a DevOps practitioner optimizing costs, or an architect building compliance frameworks, this arsenal will transform how you manage AWS at scale.
Each episode includes:
This article is just the start. Get the full picture with our free whitepaper - 8 chapters covering IAM, S3, VPC, monitoring, agentic AI security, compliance, and a prioritized action plan with 50+ CLI commands.
Toc Consulting: AWS Security & Cloud Architecture
Our team helps engineering teams secure and architect AWS the right way: assessment in week one, a prioritized action plan in week two.
Part 4 of 4 in the Lambda Security Series. The half no posture scanner reaches: event-data injection, stealable execution-role credentials, insecure deserialization, dependency and code scanning, runtime secrets, and detection.
Part 3 of 4 in the Lambda Security Series. Map every Lambda security finding to ten compliance frameworks (PCI DSS, HIPAA, SOC 2, ISO 27001, NIST, GDPR), then fix each of the 19 checks with a precise AWS CLI command.
Spin up a local AWS, plant deliberately insecure resources, and run real security scanners against it. No account, no token, no cost, no risk.