CIS13: AWS Identity and Access Management
Jim Scharf, Director, AWS Identity and Access Management, Amazon
Amazon Web Services customers include students, startups, mobile developers, enterprises and government agencies. Learn how AWS Identity and Access Management provides access control for trillions of cloud resources.

Transcript

  • 1. AWS Identity and Access Management Jim Scharf 7/11/2013
  • 2. Introductions: Jim Scharf, Director, AWS Identity and Access Management. Joined AWS in 2004. Own: AWS Identity and Access Management; Authentication, Authorization; Federation. © 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 3. AWS Mission: Enable businesses and developers to use web services* to build scalable, sophisticated applications. (*What people now call “the cloud”)
  • 4. Diverse Customers, Wide Range of Use Cases: Free steak campaign Facebook page; Mars exploration operations; Consumer social app; Gene sequencing; Marketing web site; Interactive TV apps; Financial markets analytics; Web site & media sharing; Disaster recovery; Media streaming; Web and mobile apps
  • 5. Mars Rovers Operations: Mission-critical Projects; Mars Rover Image processing; Video Streaming for Landing; Scale up as needed; Highly Parallel Processing; Whole World Watching; One-Time Event
  • 6. Curiosity: Panoramas of 5 Gigapixels, created on AWS in just 5 minutes!
  • 7. Mission Data Processing: Daily Mars Rover Data Processing Window (2 hours). Pre-cloud: Serial Process, Upload Plan. Cloud: Parallel Process, Upload Plan. Increased available mission planning time by 1.5 hours!
  • 8. More on NASA & AWS: AWS Re:Invent Conference, 2012 Keynote Video http://youtu.be/8FJ5DBLSFe4?t=11m58s
  • 9. AWS Services. Compute: Amazon EC2, Amazon Elastic MapReduce, Amazon Elastic Load Balancer. Networking: Amazon Route 53, Amazon Virtual Private Cloud, AWS Direct Connect. Storage & CDN: Amazon S3, Amazon Glacier, Amazon EBS, AWS Import/Export, Amazon CloudFront. Database: Amazon RDS, Amazon DynamoDB, Amazon ElastiCache, Amazon Redshift. App Services: Amazon CloudSearch, Amazon SWF, Amazon SQS (Queues), Amazon SNS (Notifications), Amazon SES (Email), Amazon Elastic Transcoder. Management: AWS IAM, Amazon CloudWatch, AWS Elastic Beanstalk, AWS CloudFormation, AWS Data Pipeline, AWS OpsWorks, AWS CloudHSM, AWS Trusted Advisor, AWS Marketplace
  • 10. AWS Identity and Access Management: Access control for AWS services and resources
  • 12. Difference #1
  • 13. Image courtesy of: http://imgsrc.hubblesite.org/hu/db/images/hs-2005-01-a-full_jpg.jpg
  • 14. AWS Scale: $5.2B e-commerce company; 7,800 employees; A whole lot of servers! Every day (on average), AWS adds server capacity equivalent to that entire $5.2B enterprise
  • 15. Trillions Resources
  • 16. Million+ Requests/Second
  • 17. Hundreds of Thousands Customers in 190 countries each with one to millions of identities
  • 18. Lots! Servers
  • 19. Global
  • 20. Difference #2
  • 21. Resources
  • 22. Cloud Services: Amazon EC2
  • 23. Instance O/S
  • 24. Cloud Services: Amazon EC2, Amazon S3, Amazon Elastic MapReduce, AWS Storage Gateway, Amazon DynamoDB, Amazon RDS, Amazon ElastiCache, Amazon Route 53, Amazon VPC, Amazon CloudFront, Amazon CloudWatch, Amazon Elastic Beanstalk, AWS CloudFormation, AWS IAM, Amazon SQS, Amazon SES, Amazon SNS, Amazon CloudSearch, Amazon SWF, Amazon Redshift, OpsWorks, Amazon Elastic Transcoder
  • 25. Cloud Resources. Services: Amazon EC2, Amazon S3, Amazon Elastic MapReduce, AWS Storage Gateway, Amazon DynamoDB, Amazon RDS, Amazon ElastiCache, Amazon Route 53, Amazon VPC, Amazon CloudFront, Amazon CloudWatch, Amazon Elastic Beanstalk, AWS CloudFormation, AWS IAM, Amazon SQS, Amazon SES, Amazon SNS, Amazon CloudSearch, Amazon SWF, Amazon Redshift, OpsWorks, Amazon Elastic Transcoder. Resource types: Instances, Files, AMIs, Spot Instances, Volumes, Messages, Snapshots, Security Groups, Elastic IPs, Placement Groups, Users, Groups, Roles, Load Balancers, Autoscaling Groups, Network Interfaces, Queues, Topics, Domains, Workflows, Applications, Templates, Distributions, Buckets, Stacks, Apps, Layers, Clusters
  • 26. AWS Marketplace
  • 27. Difference #3
  • 28. Customers: Individual Developers; Students
  • 29. Hear about AWS
  • 30. Create Account
  • 31. Innovate!
  • 32. Customers: Individual Developers; Students; Startups; SMBs
  • 33. IAM. Users, Groups, Permissions: Individual security credentials; Secure by default; Grant least privilege. Easy to use: Graphical user interface; Ability to script/automate (CLI & API)
  • 34. Customers: Individual Developers; Students; Startups; SMBs; Enterprises; Government Agencies
  • 35. Control. AWS Multi-Factor Authentication: Hardware tokens; Smartphone app tokens. Credential management policies. Control billing, support, and AWS Marketplace purchases
  • 36. Compliance: HIPAA; SOC 1/SSAE 16/ISAE 3402 (formerly SAS70); SOC 2; SOC 3; PCI DSS Level 1; ISO 27001; FedRAMP; DIACAP and FISMA; ITAR; FIPS 140-2; CSA; MPAA
  • 37. Federation: AWS Websites and/or APIs as relying party. Pre-packaged sample: Windows Active Directory as identity provider (diagram labels: SSO; Active Directory)
  • 38. Federation: Partners are critical: http://www.xceedium.com/xsuite/xsuite-for-amazon-web-services ; http://www.okta.com/aws/ ; http://www.symplified.com/solutions/single-sign-on-sso ; https://www.pingidentity.com/products/pingfederate/ . More federation support coming…
  • 39. Customers: Individual Developers; Students; Startups; SMBs; Enterprises; Government Agencies; Mobile Developers
  • 40. Web Identity Federation: App sign-in using 3rd party identity providers: Facebook; Google (using OpenID Connect). No server-side code required
  • 41. Web Identity Federation (diagram labels): US-EAST-1; AWS Services; STS; Access AWS Resources; Identity Provider; Assume Role; Amazon S3; Amazon DynamoDB
  • 42. Customer Evolution (diagram labels): Username & Password; IAM; Management UI, CLI, API; Multi-Factor Authentication; Federation & SSO; Password Strength Policy; AWS Marketplace Control; Enterprise; Joe; Startup/SMB; No additional charge; Mobile
  • 43. Summary: Scale; Resources; Customers
  • 44. Thank You! jscharf@amazon.com, @jim_scharf. Additional resources: AWS Security Blog: http://blogs.aws.amazon.com/security/ ; AWS IAM: http://aws.amazon.com/iam/ ; AWS IAM on Twitter: @AWSIdentity. Registration opens July 17, 9 AM PDT. Last year, it sold out, so register early
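
Slides 40 and 41 describe web identity federation: the app signs in with a third-party identity provider and assumes an IAM role through STS, with no server-side code. As an added example (not from the talk), this Python sketch audits a role trust policy for the condition that pins the role to one registered app. The sample policies and `EXAMPLE-CLIENT-ID` are constructed, `audit_trust_policy` is a hypothetical helper, and the `sts:AssumeRoleWithWebIdentity` action and provider condition keys are the AWS names, which the slides do not spell out.

```python
import json

# Provider -> condition key that pins a role to one registered app.
AUDIENCE_KEYS = {
    "graph.facebook.com": "graph.facebook.com:app_id",
    "accounts.google.com": "accounts.google.com:aud",
}
ACTION = "sts:AssumeRoleWithWebIdentity"


def as_list(value):
    """IAM policy fields may hold a single value or a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy):
    """Return (statement index, provider, problem) for each unpinned grant."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or ACTION not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # e.g. "*": any caller
            findings.append((i, str(principal), "principal is not a named provider"))
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        for provider in as_list(principal.get("Federated", [])):
            key = AUDIENCE_KEYS.get(provider)
            if key is None:
                findings.append((i, provider, "provider not in audit table"))
                continue
            values = as_list(equals.get(key, []))
            # Without this condition, a token issued for any app of the
            # provider is accepted for the role.
            if not values or any("*" in v for v in values):
                findings.append((i, provider, "no app/audience condition"))
    return findings


# Constructed sample trust policies; the client id is a placeholder.
UNPINNED = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
  "Principal": {"Federated": "graph.facebook.com"}}]}""")
PINNED = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
  "Principal": {"Federated": "accounts.google.com"},
  "Condition": {"StringEquals": {"accounts.google.com:aud": "EXAMPLE-CLIENT-ID"}}}]}""")

if __name__ == "__main__":
    print(audit_trust_policy(UNPINNED))
    print(audit_trust_policy(PINNED))
```

The audit only matches the action when it is named exactly; a trust policy that grants it through a wildcard action needs separate handling.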