Like many security teams, Riot has been challenged by new paradigms that came with the move to the cloud. We discuss how our security team has developed a security culture based on feedback and self-service to best thrive in the cloud. We detail how the team assessed the security gaps and challenges in our move into AWS, then describe how the team works within Riot's unique feedback culture. Walk away with a better understanding of securing projects within AWS without blocking development teams. Learn how we use the internal RFC process, the built-in features of AWS that help provide better security by default, our approach to developer education, and tools we developed, and those from the community, to provide visibility into the security posture of AWS.