Saved February 14, 2026
This article outlines common misconfigurations in AWS that can expose cloud resources to unauthorized access. It focuses on two main issues: service exposure and access by design, highlighting specific services like Lambda, EC2, and ECR that can create vulnerabilities. Understanding these risks is essential for effective cloud security management.
Understanding the cloud perimeter is essential for security teams since it distinguishes between trusted and untrusted access. Misconfigurations can create vulnerabilities in this boundary, leading to unauthorized access. The article identifies two main types of misconfigurations in AWS: service exposure and access by design. Service exposure involves misconfigurations that allow public access to resources, while access by design relates to flaws in services intended for access control.
Lambda functions, a core AWS service, are frequently misconfigured, making them publicly accessible. This can lead to serious issues, such as unauthorized changes to workflows and access to sensitive data. Misconfigurations typically stem from allowing public internet access and insufficient resource-based policies. EC2 instances also pose a risk; if publicly accessible, they can expose data and provide a foothold for attackers through attached roles. Configuring public access to EC2 instances involves multiple settings, including assigning public IPs and adjusting security groups.
Elastic Container Registry (ECR) is another potential point of exposure. Public repositories can expose sensitive data or even allow an attacker to replace legitimate images with malicious ones. The risk here is significant because compromised images can affect any container that uses them. Enumerating repositories can reveal public access points, making ECR a target for attackers looking to exploit cloud environments.
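The Lambda and ECR exposures described above both come down to a resource-based policy that grants access to everyone. The following audit sketch is an added example, not code from the article: it takes a policy document as JSON text (such as `aws lambda get-policy` or `aws ecr get-repository-policy` returns) and lists the statements open to any principal, marking those that would also allow image content to be changed. The function names, the sample policies and the `image_write` field are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# ECR API actions that add, overwrite or delete image content.
ECR_WRITE = ("ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
             "ecr:CompleteLayerUpload", "ecr:BatchDeleteImage")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    """True when the Principal element matches any caller ("*" or {"AWS": "*"})."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def public_statements(policy_json):
    """List Allow statements whose principal is everyone, for manual review."""
    findings = []
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_public(st.get("Principal")):
            continue
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        findings.append({
            "sid": st.get("Sid"),
            # A Condition may narrow the grant, so it is flagged rather than skipped.
            "conditioned": bool(st.get("Condition")),
            # IAM action patterns allow "*" wildcards, e.g. "ecr:Put*".
            "image_write": any(fnmatchcase(w.lower(), a)
                               for a in actions for w in ECR_WRITE),
        })
    return findings

# Constructed sample policies, trimmed for brevity (not from any real account).
LAMBDA_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowS3", "Effect": "Allow",
     "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction",
     "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"}}},
    {"Sid": "OpenInvoke", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction"}]})
ECR_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenPull", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]},
    {"Sid": "OpenPush", "Effect": "Allow", "Principal": "*",
     "Action": "ecr:Put*"}]})

if __name__ == "__main__":
    for name, doc in (("lambda", LAMBDA_POLICY), ("ecr", ECR_POLICY)):
        print(name, public_statements(doc))
```

A statement reported with `conditioned` set still needs a human read of the condition keys, since some conditions do not restrict who the caller is.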