Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center

•

0 likes•52 views

Vladimir Samoylov

Role-based access control IAM Identity Center Temporary Elevated Access (just-in-time access)

Presentations & Public Speaking

AWS Community
© 2023, Amazon Web Services, Inc. or its affiliates.
Secure from Day-0: Increase Your Security
Posture with Temporary Elevated Access and
AWS IAM Identity Center
Vladimir Cageyv Samoylov
AWS Community Builder – Thailand

AWS Community
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter / X

AWS Community
Key Takeaway
Role-based access control
IAM Identity Center
Temporary Elevated Access (just-in-time access)

AWS Community
© 2023, Amazon Web Services, Inc. or its affiliates.
Cross-account IAM Nightmare

AWS Community
© 2023, Amazon Web Services, Inc. or its affiliates.
Granting permissions. Role-based
access control.

AWS Community
- Developer Bob needs to get data from Production Database
- Bob asked his team lead Kate for permissions
- Kate told that company policy don’t allow access to Production Database and she have to ask CTO
- CTO was busy for a week and finally response that this is okay to grant Bob required permissions
and also change a policy and etc
- Kate asked InfraSec team to implement new security policy and grant Bob required permissions
- Bob finally able to get data from database and it allows him to implement new feature in the
codebase
How it usually happens?

AWS Community
- Time. Depends of the company size this process could takes from days to weeks.
- Maintenance. As company grows it will be more and more complex systems with many groups and
roles.
- Security. Our developer or developers will permanently have new permissions.
What problems do we see?

AWS Community
© 2023, Amazon Web Services, Inc. or its affiliates.
Temporary Elevated Access

AWS Community
Temporary elevated access (also known as just-in-time access) is a way to request, approve, and track
the use of a permission to perform a specific task during a specified time. Temporary elevated access
supplements other forms of access control, such as permission sets and multi-factor authentication.
Temporary Elevated Access
Approve Action
Request
More info: https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-
access.html

AWS Community
Another way of getting access

AWS Community
© 2023, Amazon Web Services, Inc. or its affiliates.
Sounds interesting. How could I do it in
my company?

AWS Community
AWS Organizations
More info: https://aws.amazon.com/organizations/

AWS Community
AWS IAM Identity Center (AWS Single Sign-On)
More info: https://aws.amazon.com/iam/identity-center/

AWS Community
Validated AWS Security Partners for temporary
elevated access
More info: https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-
access.html#validatedpartners

AWS Community
Temporary elevated access management
(TEAM)
More info: https://aws-samples.github.io/iam-identity-center-team/

AWS Community
© 2023, Amazon Web Services, Inc. or its affiliates.
terraform-aws-sso-elevator

AWS Community
SSO-Elevator
More info: https://github.com/fivexl/terraform-aws-sso-elevator

AWS Community
SSO-Elevator (demo)
More info: https://youtu.be/iR3Rdjd7QMU

AWS Community
© 2023, Amazon Web Services, Inc. or its affiliates.
https://www.awscommunity.dev
22
Thank you
Go to link below for submitting your content request:
https://go.awscommunity.dev/request

Similar to Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center

Central administrators need scalable mechanisms to set granular permissions as their organizations grow. In this session, we discuss how to scale permissions management by relying on workforce and resource attributes. We introduce attribute-based access control (ABAC) and share how AWS enables you to author permission rules that scale with your organization to simplify permissions management. We share best practices for using tags to implement ABAC; we demonstrate how administrators can create policies and govern tags to grant developers access to AWS resources in their projects; and we show how permissions automatically apply as developers add resources to their projects. It is assumed that attendees are familiar with AWS permissions.

Scale permissions management in AWS with attribute-based access control - SDD...

Amazon Web Services

Bring the cloud closer to you and your customers by using your existing identity stores to access AWS services. Manage access to all of your cloud services and on-premises applications centrally. Join this webinar to learn how the Ping Identity platform offers federated single sign-on (SSO) to quickly and securely manage authentication of partners and customers through seamless integration with AWS Identity and Access Management service. You will also hear from Ping Identity partner and Amazon Web Services Customer, Geezeo, who will share best practices based on their experience. What you'll learn: • How the Ping Identity platform can be deployed simply and securely in Amazon EC2 adjacent to your offerings • How any partner that can generate a SAML assertion can easily connect to AWS APIs while also continuing to manage its own customer identities • How Geezeo has benefited from the Ping Identity platform’s seamless integration capabilities Who should attend: • Security and Identity professionals, Solution or System Architects, System Administrators, Development Leads and other Technical IT Leaders

AWS Partner Webcast - Get Closer to the Cloud with Federated Single Sign-On

Amazon Web Services

This deck contains the slides from section 1 to section 5 in our AWS Certified Solutions Architect video course. It covers: Section 1 Intro (no slides) Section 2 AWS Accounts and Organizations Section 3 Identity Management and Permissions Section 4- AWS Directory Services and Federation Section 5 - Advanced Amazon VPC Full course can be found here: https://digitalcloud.training/courses/aws-certified-solutions-architect-professional-video-course/

AWS Certified Solutions Architect Professional Course S1-S5

Neal Davis

Evolving perimeters with guardrails, not gates: Improving developer agility -...

Amazon Web Services

Getting Started with AWS Security

Amazon Web Services

Are you interested in becoming a IAM policy master and learning about powerful techniques for controlling access to AWS resources? If your answer is “yes,” this session is for you. Join us as we cover the different types of policies and describe how they work together to control access to resources in your account and across your AWS organization. We walk through use cases that help you delegate permission management to developers by demonstrating IAM permission boundaries. We take an in-depth look at controlling access to specific AWS regions using condition keys. Finally, we explain how to use tags to scale permissions management in your account. This session requires you to know the basics of IAM policies.

Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...

Amazon Web Services

Identity and o365 on Azure

Mostafa

Azure Networking, Azure Storage, Enterprise Azure Active Directory, Daemon or Server application authentication workflow, Worker processes, Daemon, Daemon application to Web API, Azure Active Directory in old azure portal, ASM, Azure active directory and Mutl-tenant applications, Sharding, Federation, Shared singe, RBAC, Differences between AAD and AD DS, Azure AD Subscription models, Azure Domain Names, Manage Users, Groups,Co-Admin Role, Default Azure Active Directory, Adding access to another azure subscription. Contributor, Owner , Roles in Azure Subscriptions, Roles, MFA, Multi-Factor Authentication, How does MFA works, Scenarios for Azure MFA, Setting up MFA in Azure AD, Setting MFA, Azure Authenticator, Hybrid AD solutions, AD DS, Federated Trust, Domain Controller, AD, AAD Connecter, AD FS, AAD, Active Directory Password synchronization, Benefits of Active Directory, Active Directory Replication, vulnerabilities with multiple Domain Controller, Azure AD features, Synchronization with AD Connect, Write-back policies, Azure AD Health COnnect, Installing Azure AD COnnect Health,Integrating Azure AD and SaaS Applications, Benefits of using SaaS Solutions with your products, Benefits of SaaS Solutions, Azure Marketplace, DropBox Integrations with AAD, New Relic Integrations, New Relic, Dropbox, Azure AD Enterprise Application, VSTS integration for Automated Builds, Federation Overview, Claims, Single Sign On, Federated Trusts, Claim based authentications, Federated trusts, Claims Processing, Web Application Proxy, ADFS Proxy, ADFS 2.0 Proxy, How does ADFS proxy works for internal users, How does ADFS proxy works for internal users,Azure AD B2C Directory, B2C applications, Business 2 Customers application, 3rd Party Authentication, Bearer Token, OAuth, 3rd Party Identity Provider, OAuth server, Azure AD B2C Authentication & Authorization, Implementing Azure AD B2C Directory, Setting up Single Sign On with Facebook, Google, Microsoft. Linkedin, SignUP Policies, SignIN Policies, Email SignUp, SignUpSignIN PolicyID, Configuring Application with Azure Application ID,Modern Applications, Requirements for Modern Apps, API, Logic Applications, Mobile App, Web App, Function App, Go To Market, Microsoft Application Platform, App Service Plan, App Service Environment - Private Infrastructure, Why use App Service, App service Features & Capabilities, Azure App Service, Virtual Machine, Service Fabric & Cloud Services Comparison, Creating a Mobile App, Swagger UI, API Apps, API management, API APPS & API Management, Implementing API APP via Visual Studio,

Azure from scratch part 2 By Girish Kalamati

Girish Kalamati

AWS Basic Practitioner Heena Talreja.pptx

Hitendrasingh79

Design for Compliance - AWS FS Cloud Symposium Apr 2019.pdf

Amazon Web Services

by Quint Van Deman, Sr. Business Development Manager, AWS Across the AWS customer base there's a wide spectrum of experience levels. In this session, we'll dive deep into a number of advanced patterns that some of our most advanced customers are using to make themselves successful. By equipping you with these deep learnings, you'll be able to raise the bar within your organization, allowing you to achieve greater levels of control, speed, and visibility at a greatly accelerated pace. Level 400

The 1%: Identity and Governance Patterns from the Most Advanced AWS Customers...

Amazon Web Services

by Apurv Awasthi, Sr. Technical Product Manager, AWS This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources. We also cover the concept of trust relationships, and how you can use them to delegate access to your AWS resources. This session covers also covers IAM best practices that can help improve your security posture. We cover how to manage IAM users and roles, and their security credentials. We also explain ways for how you can securely manage you AWS access keys. Using common use cases, we demonstrate how to choose between using IAM users or IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts. Level 100

AWS IAM Introduction

Amazon Web Services

What's New in AWS Security Features

Amazon Web Services

AZ-500-Questions.pdf

johnmight400

Infrastructure Security services are seen as the traditional mechanisms for enforcing protection of data. But now Identity and Access Management has to be considered too to prevent illegitimate access to information, unauthorized usage of services, and tampering of data. This is why, at AWS, Identity and Access Management oriented services is global service in our portfolio. Implementing a least privileged model for your workload requires that you consider what each component must have as permissions. For example: is it better to assign an IAM role to your Compute instance or to impersonate the initial requestor with their roles and permissions? Are the attributes of the requestor important for your access control logic? Can the context of the request influence how the resource should be disclosed? Answering those questions will allow you to design and implement access control thanks to a composition of multiple mechanisms. Through this session, we will describe how a very simple web store application will benefit from implementing: identity federation, attribute-based access control, and security token exchange through the usage of the appropriate AWS services.

Jeff Lombardo - Enforcing access control in depth with AWS - v1.2.pdf

Jean-François LOMBARDO

by Fritz Kunstler, Sr. AWS Security Consultant AWS Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.

The 1% Identity and Governance Patterns from the Most Advanced AWS Customers ...

Amazon Web Services

Identity requirements for consumer-facing applications differ significantly from those for workforce applications and cloud resources. Learn the best practices for choosing the right identity platform on AWS for your consumer-facing applications and for centrally managing access to all your business applications and AWS resources. Come learn about the proper use cases for implementing single sign-on (SSO) and Amazon Cognito, security best practices, and configuration guidance.

Best practices for choosing identity solutions for applications + workloads -...

Amazon Web Services

Amazon Web Services (AWS) has developed a customer compliance forum to facilitate in-depth compliance discussions between you and with AWS Compliance. The webinar focuses on the AWS shared responsibility security model and how your organization can achieve security and compliance within your use of AWS services. This initial AWS Compliance Forum webinar will provide an overview of AWS compliance programs, use cases, and the various compliance verticals AWS can support both through current certification and attestations (i.e., PCI, SOC, FedRAMP, and ISO) as well as areas AWS can illustrate use cases for workloads related to Life Sciences, Financial Services, and state/federal government compliance requirements. From there we will discuss the goals of the AWS Compliance Forum and plans for future webinars and small-group compliance discussions.

AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Amazon Web Services

Pitt Immersion Day Module 5 - security overview

EagleDream Technologies

In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.

IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...

Amazon Web Services

Recently uploaded

ECOLOGY OF FISHES.pptx full presentation

FahadFazal7

SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf

Mahamudul Hasan

Proofreading: Basics to Artificial Intelligence Integration. Become a Professional Proofreader and Editor Leveraging Human Expertise and Artificial Intelligence (AI) Technology and Tools. Table of Contents MODULE 1: INTRODUCTION TO PROOFREADING What is proofreading, and how is it different from editing? The importance of proofreading in publishing and communication Types of materials that require proofreading (books, articles, websites, legal documents, etc.) Proofreading marks and symbols MODULE 2: DEVELOPING PROOFREADING SKILLS MODULE 3: PROOFREADING TECHNIQUES Preparing for the proofreading process (setting up the workspace, tools, etc.) Reading techniques (line-by-line, word-by-word, backwards reading) Using proofreading checklists and guidelines Cross-checking against style guides and reference materials Marking up corrections and queries MODULE 4: PROOFREADING DIFFERENT TYPES OF CONTENT Proofreading fiction and non-fiction books Fiction Books: Non-Fiction Books: Proofreading academic and scientific papers Proofreading legal and business documents Proofreading websites and digital content Proofreading marketing and advertising materials MODULE 5: PROOFREADING TOOLS AND RESOURCES MODULE 6: PROOFREADING WORKFLOWS AND BEST PRACTICES MODULE 7: BUILDING A SUCCESSFUL PROOFREADING CAREER MODULE 8: AI TEXT EDITING AND PROOFREADING Benefits and limitations of AI in this field Benefits of AI in Proofreading: Limitations of AI in Proofreading: Examples of AI-powered text editing and proofreading tools Combining AI with Human Expertise AI Ethics and Bias in Text Editing Future Trends and Developments in AI Text Editing This cutting-edge course equips you with the essential skills and tools to become a proofreading pro in the age of AI technology. Designed for writers, editors, content creators, and anyone seeking to elevate their proofreading game, this masterclass combines time-tested proofreading techniques with the latest AI-powered text editing solutions. Through in-depth modules, you will master the art of proofreading, from developing razor-sharp attention to detail to mastering grammar, punctuation, and style guidelines. This masterclass also dives deep into the world of AI text editing. You’ll discover how AI-powered tools can aid in grammar and style checking, context-aware spell checking, consistency management, content optimization, and more. You will learn to seamlessly integrate AI tools into your proofreading workflows, combining the best of human expertise and AI technology for unparalleled results. Finally, this course will help you discover how to harness the power of AI to streamline your proofreading workflows, enhance accuracy, and deliver impeccable content every time, thanks to advanced proofreading techniques, such as line-by-line reading, backward reading, and cross-checking against reference materials, ensuring no error goes unnoticed.

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...

David Celestin

Klinik_ Apotek Onlin 085657271886 Solusi Menggugurkan Masalah Kehamilan Anda Jual Obat Aborsi Di Jakarta. KLINIK ABORSI TERPEECAYA _ Jual Obat Aborsi Cytotec Misoprostol Asli 100% Ampuh Hanya 3 Jam Langsung Gugur || OBAT PENGGUGUR KANDUNGAN AMPUH MANJUR OBAT ABORSI OLINE" APOTIK Jual Obat Cytotec, Gastrul, Gynecoside Asli Ampuh. JUAL ” Obat Aborsi Tuntas | Obat Aborsi Manjur | Obat Aborsi Ampuh | Obat Penggugur Janin | Obat Pencegah Kehamilan | Obat Pelancar Haid | Obat terlambat Bulan | Ciri Obat Aborsi Asli | Obat Telat Bulan | Pil Aborsi Asli | Cara Menggugurkan Konten | Cara Aborsi Tuntas | Harga Obat Aborsi Asli | Pil Aborsi | Jual Obat Aborsi Cytotec | Cara Aborsi Sendiri | Cara Aborsi Usia 1 Bulan | Cara Aborsi Usia 2 Tahun | Cara Aborsi Usia 3 Bulan | Obat Aborsi Usia 4 Bulan | Cara Abrasi Usia 5 Bulan | Cara Menggugurkan Konten | Kandungan Obat Penggugur | Cara Menghitung Usia Konten | Cara Mengatasi Terlambat Bulan | Penjual Obat Aborsi Asli | Obat Aborsi Garansi | Kandungan Obat Peluntur | Obat Telat Datang Bulan | Obat Telat Haid | Obat Aborsi Paling Murah | Klinik Jual Obat Aborsi | Jual Pil Cytotec | Apotik Jual Obat Aborsi | Kandungan Dokter Abrasi | Cara Aborsi Cepat | Jual Obat Aborsi Bergaransi | Jual Obat Cytotec Asli | Obat Aborsi Aman Manjur | Obat Misoprostol Cytotec Asli. "APA ITU ABORSI" “Aborsi Adalah dengan membendung hormon yang di perlukan untuk mempertahankan kehamilan yaitu hormon progesteron, karena hormon ini dibendung, maka jalur kehamilan mulai membuka dan leher rahim menjadi melunak,sehingga mengeluarkan darah yang merupakan tanda bahwa obat telah bekerja || maksimal 1 jam obat diminum || PENJELASAN OBAT ABORSI USIA 1 _7 BULAN Pada usia kandungan ini, pasien akan merasakan sakit yang sedikit tidak berlebihan || sekitar 1 jam ||. namun hanya akan terjadi pada saatdarah keluar merupakan pertanda menstruasi. Hal ini dikarenakan pada usiakandungan 3 bulan,janin sudah terbentuk sebesar kepalan tangan orang dewasa. Cara kerja obat aborsi : JUAL OBAT ABORSI AMPUH dosis 3 bulan secara umum sama dengan cara kerja || DOSIS OBAT ABORSI 2 bulan”, hanya berbedanya selain mengisolasijanin juga menghancurkan janin dengan formula methotrexate dikandungdidalamnya. Formula methotrexate ini sangat ampuh untuk menghancurkan janinmenjadi serpihan-serpihan kecil akan sangat berguna pada saat dikeluarkan nanti. APA ALASAN WANITA MELAKUKAN ABORSI? Aborsi di lakukan wanita hamil baik yang sudah menikah maupun belum menikah dengan berbagai alasan , akan tetapi alasan yang utama adalah alasan-alasan non medis (termasuk aborsi sendiri / di sengaja/ buatan] MELAYANI PEMESANAN OBAT ABORSI SETIAP HARI, SIAP KIRIM KESELURUH KOTA BESAR DI INDONESIA DAN LUAR NEGERI. HUBUNGI PEMESANAN LEBIH NYAMAN VIA WA/: 085657271886

Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...

ZurliaSoop

ChatGPT emerged as a conversational technology that should make you productive and increase your value. ChatGPT, as a trained model, can process our natural human language and generate a response. However, only some of the completion outputs are entirely correct. As a developer, you can use ChatGPT as one of your tools, just like you use Google as one of your search tools. Also, an important question everyone should consider is whether we should use these tools.

Using AI to boost productivity for developers

Teri Eyenike

BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES

futhumetsaneliswa

Introduction to Artificial intelligence.

thamaeteboho94

Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...

Abortion pills in Kuwait Cytotec pills in Kuwait

LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN

tntlai16

in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City

Abortion pills in Kuwait Cytotec pills in Kuwait

Digital collaboration with Microsoft 365 as extension of Drupal

Fabian de Rijk

ICT role in 21st century education and it's challenges.pdf

Islamia university of Rahim Yar khan campus

User research literature widely assumes that researchers should build empathy for their users, and that this will enable companies to design better experiences. Businesses point to UX research as the empathy in their company ethos. But when we talk about empathy in a business context, what do we really mean? Is it reasonable to expect researchers to empathize with every person they interview? Is it even productive? In this presentation, I will discuss why empathy is not what drives business and makes researchers good advocates for our users. We will first look at the literal and theoretical definitions of empathy in user experience research, then draw from that definition what businesses are ultimately in search of—rightly or wrongly—when they bring UX research into the process. We will talk about how it may not only be impossible to achieve true empathy, but also that “being empathetic” may not make researchers better advocates for the user. I will argue that we should reframe our goal as compassion, an action-driven, thoughtful, and achievable north star that leverages core researcher talents and better communicates user needs.

"I hear you": Moving beyond empathy in UXR

Megan Campos

History of Morena Moshoeshoe birth death

phntsoaki

BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx

thusosetemere

2024 mega trends for the digital workplace - FINAL.pdf

Nancy Goebel

Despite remarkable successes in various domains such as robotics and games, Reinforcement Learning (RL) still struggles with exploration inefficiency. For example, in hard Atari games, state-of-the-art agents often require billions of trial actions, equivalent to years of practice, while a moderately skilled human player can achieve the same score in just a few hours of play. This contrast emerges from the difference in exploration strategies between humans, leveraging memory, intuition and experience, and current RL agents, primarily relying on random trials and errors. This tutorial reviews recent advances in enhancing RL exploration efficiency through intrinsic motivation or curiosity, allowing agents to navigate environments without external rewards. Unlike previous surveys, we analyze intrinsic motivation through a memory-centric perspective, drawing parallels between human and agent curiosity, and providing a memory-driven taxonomy of intrinsic motivation approaches. The talk consists of three main parts. Part A provides a brief introduction to RL basics, delves into the historical context of the explore-exploit dilemma, and raises the challenge of exploration inefficiency. In Part B, we present a taxonomy of self-motivated agents leveraging deliberate, RAM-like, and replay memory models to compute surprise, novelty, and goal, respectively. Part C explores advanced topics, presenting recent methods using language models and causality for exploration. Whenever possible, case studies and hands-on coding demonstrations. will be presented.

Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity

Hung Le

He said to them, “Go into all the world and preach the gospel to all creation. Whoever believes and is baptized will be saved, but whoever does not believe will be condemned. And these signs will accompany those who believe: In my name they will drive out demons; they will speak in new tongues; they will pick up snakes with their hands; and when they drink deadly poison, it will not hurt them at all; they will place their hands on sick people, and they will get well.” After the Lord Jesus had spoken to them, he was taken up into heaven and he sat at the right hand of God. Then the disciples went out and preached everywhere, and the Lord worked with them and confirmed his word by the signs that accompanied it. Mark 16:15-20

Ready Set Go Children Sermon about Mark 16:15-20

rejz122017

Today, I had the opportunity to review Professor Sylvester Monye's latest book, "The Concession of Asaba International Airport: Balancing Politics and Policy Execution.” The review was attended by former President Goodluck Ebele Jonathan, GGFR, Governor Sheriff F. Oborevwori of Delta State, former Senate President, H.E Dr Abubakar Bukola Saraki CON, former SGF Boss Mustapha, CFR, and former President Chief Olusegun Obasanjo, GCFR, who chaired the event. The book offers a master class in policy management in a complex political environment and sheds light on the challenges and intricacies involved in such a monumental project. It was a privilege to gain insight into the experiences and perspectives shared in the book, and I believe it offers valuable lessons for future policymakers and governments undertaking similar endeavours. Congratulations to Professor Monye on this insightful and thought-provoking work.

The Concession of Asaba International Airport: Balancing Politics and Policy ...

Kayode Fayemi

Recently uploaded (19)

ECOLOGY OF FISHES.pptx full presentation

SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...

Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...

Using AI to boost productivity for developers

BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES

Introduction to Artificial intelligence.

Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...

LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN

in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City

Digital collaboration with Microsoft 365 as extension of Drupal

ICT role in 21st century education and it's challenges.pdf

"I hear you": Moving beyond empathy in UXR

History of Morena Moshoeshoe birth death

BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx

2024 mega trends for the digital workplace - FINAL.pdf

Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity

Ready Set Go Children Sermon about Mark 16:15-20

The Concession of Asaba International Airport: Balancing Politics and Policy ...

Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center

1. AWS Community © 2023, Amazon Web Services, Inc. or its affiliates. Secure from Day-0: Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center Vladimir Cageyv Samoylov AWS Community Builder – Thailand

3. AWS Community Key Takeaway Role-based access control IAM Identity Center Temporary Elevated Access (just-in-time access)

5. AWS Community First day is a new CISO

6. AWS Community First day is a new CISO

8. AWS Community - Developer Bob needs to get data from Production Database - Bob asked his team lead Kate for permissions - Kate told that company policy don’t allow access to Production Database and she have to ask CTO - CTO was busy for a week and finally response that this is okay to grant Bob required permissions and also change a policy and etc - Kate asked InfraSec team to implement new security policy and grant Bob required permissions - Bob finally able to get data from database and it allows him to implement new feature in the codebase How it usually happens?

9. AWS Community - Time. Depends of the company size this process could takes from days to weeks. - Maintenance. As company grows it will be more and more complex systems with many groups and roles. - Security. Our developer or developers will permanently have new permissions. What problems do we see?

11. AWS Community Temporary elevated access (also known as just-in-time access) is a way to request, approve, and track the use of a permission to perform a specific task during a specified time. Temporary elevated access supplements other forms of access control, such as permission sets and multi-factor authentication. Temporary Elevated Access Approve Action Request More info: https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated- access.html

12. AWS Community Another way of getting access

14. AWS Community AWS Organizations More info: https://aws.amazon.com/organizations/

15. AWS Community AWS IAM Identity Center (AWS Single Sign-On) More info: https://aws.amazon.com/iam/identity-center/

16. AWS Community Validated AWS Security Partners for temporary elevated access More info: https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated- access.html#validatedpartners

17. AWS Community Temporary elevated access management (TEAM) More info: https://aws-samples.github.io/iam-identity-center-team/

19. AWS Community SSO-Elevator More info: https://github.com/fivexl/terraform-aws-sso-elevator

20. AWS Community SSO-Elevator (demo) More info: https://youtu.be/iR3Rdjd7QMU

21. AWS Community

22. AWS Community © 2023, Amazon Web Services, Inc. or its affiliates. https://www.awscommunity.dev 22 Thank you Go to link below for submitting your content request: https://go.awscommunity.dev/request

Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center

Recommended

Recommended

More Related Content

Similar to Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center

Similar to Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center (20)

Recently uploaded

Recently uploaded (19)

Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center