Andrzej Skrodzki

Andrzej SkrodzkiEssays and notes on cloud and Kubernetes security.https://skrodzki.dev/How SCPs really evaluate cross-account conditionshttps://skrodzki.dev/writing/scp-cross-account-conditions/https://skrodzki.dev/writing/scp-cross-account-conditions/A walk through a surprising AWS Organizations SCP evaluation case.Tue, 12 May 2026 00:00:00 GMTA Kubernetes RBAC pattern that silently grants cluster-adminhttps://skrodzki.dev/writing/k8s-rbac-cluster-admin/https://skrodzki.dev/writing/k8s-rbac-cluster-admin/Aggregated ClusterRoles can escalate without anyone noticing.Tue, 03 Mar 2026 00:00:00 GMT