Security: ldodson10/cyber-range-lab-aws

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly:

How to Report

  1. DO NOT create a public GitHub issue
  2. Email security concerns to: [INSERT SECURITY EMAIL]
  3. Include detailed information about the vulnerability
  4. Provide steps to reproduce if possible

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if you have one)

Response Timeline

  • We will acknowledge receipt within 48 hours
  • We will provide regular updates on our progress
  • We will coordinate disclosure timing with you

Security Best Practices

When using this lab environment:

  1. Never use production AWS accounts - Always use dedicated lab/development accounts
  2. Rotate access keys regularly - Follow AWS IAM best practices
  3. Monitor costs - Set up billing alerts to avoid unexpected charges
  4. Clean up resources - Always run terraform destroy when finished
  5. Secure your local machine - Keep your development environment updated

Known Security Considerations

This lab environment is designed for educational purposes and includes:

  • Open security groups for ease of setup (not production-ready)
  • Default AMIs that may not be the latest versions
  • Basic IAM roles for SSM access

For production use, additional hardening would be required.

Security Updates

We regularly update dependencies and configurations. Please:

  • Keep your local Terraform version updated
  • Use the latest AWS provider versions
  • Review security group rules before deployment
  • Monitor AWS Security Hub findings
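
One way to carry out the "review security group rules before deployment" step, given the open security groups listed under Known Security Considerations, is to scan the Terraform plan for world-open ingress before applying it. This is an added example, not code from this repository; it assumes the plan was exported with `terraform show -json`, and the sample plan, resource names and CIDRs in it are constructed.

```python
import json
import sys

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample shaped like `terraform show -json <planfile>`; names and CIDRs are invented.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_security_group.lab", "type": "aws_security_group",
     "change": {"after": {"ingress": [
         {"from_port": 22, "to_port": 22, "protocol": "tcp",
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
         {"from_port": 443, "to_port": 443, "protocol": "tcp",
          "cidr_blocks": ["10.0.0.0/16"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_security_group_rule.rdp", "type": "aws_security_group_rule",
     "change": {"after": {"type": "ingress", "from_port": 3389, "to_port": 3389,
                          "protocol": "tcp", "cidr_blocks": ["203.0.113.10/32"]}}},
    {"address": "aws_vpc_security_group_ingress_rule.web",
     "type": "aws_vpc_security_group_ingress_rule",
     "change": {"after": {"from_port": 80, "to_port": 80, "ip_protocol": "tcp",
                          "cidr_ipv4": "0.0.0.0/0"}}},
    {"address": "aws_security_group.old", "type": "aws_security_group",
     "change": {"after": None}},  # resource being destroyed: nothing to check
]})

def ingress_rules(rc):  # yields (rule, cidrs) for each ingress rule the change creates
    after = (rc.get("change") or {}).get("after") or {}
    kind = rc.get("type")
    if kind == "aws_security_group":  # inline ingress blocks
        for r in after.get("ingress") or []:
            yield r, (r.get("cidr_blocks") or []) + (r.get("ipv6_cidr_blocks") or [])
    elif kind == "aws_security_group_rule" and after.get("type") == "ingress":
        yield after, (after.get("cidr_blocks") or []) + (after.get("ipv6_cidr_blocks") or [])
    elif kind == "aws_vpc_security_group_ingress_rule":
        yield after, [c for c in (after.get("cidr_ipv4"), after.get("cidr_ipv6")) if c]

def open_ingress(plan_json):
    """Return (address, from_port, to_port, protocol) for each world-open ingress rule."""
    found = []
    for rc in json.loads(plan_json).get("resource_changes") or []:
        for rule, cidrs in ingress_rules(rc):
            if WORLD & set(cidrs):
                proto = rule.get("protocol") or rule.get("ip_protocol")
                found.append((rc["address"], rule.get("from_port"), rule.get("to_port"), proto))
    return found

if __name__ == "__main__":  # pass a plan JSON path, or no argument to use the sample
    plan = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = open_ingress(plan)
    print("\n".join("world-open ingress: %s ports %s-%s proto %s" % h for h in hits))
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any finding lets the check gate `terraform apply` in a wrapper script or CI job.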

Contact

For security-related questions or concerns, please contact the project maintainers.

There aren’t any published security advisories