Managing users and aws accounts

•

0 likes•265 views

Aleksandr Maklakov

How to manage AWS accounts and IAM users.

Managing users and AWS
accounts
Aleksandr Maklakov – maklaud@zeoalliance.com

Agenda
• Managing AWS account
• Managing IAM users
• Security Best Practices
• Solutions
• Questions

Managing AWS accounts
• У кого от 1 до 3 AWS аккаунтов ?
• У кого от 3 до 10 AWS аккаунтов ?
• У кого больше 10 AWS аккаунтов ?

Managing AWS accounts
• Why and When to Create Multiple Accounts?

Managing AWS accounts
• isolation between workloads/departments
• isolation between projects
• minimize blast radius
• optimize costs
• environmental lifecycle accounts
• centralize logging account
• centralize publishing account

Managing IAM accounts
• IAM users
• Identity federation (SAML 2.0)
• Directory service (LDAP)

Managing IAM accounts - Security Best Practices
• Lock away your AWS account (root) access keys
• Create individual IAM users
• Use AWS-defined policies to assign permissions whenever possible
• Use groups to assign permissions to IAM users
• Grant least privilege
• Configure a strong password policy for your users

Managing IAM accounts - Security Best Practices
• Enable MFA for privileged users
• Use roles for applications that run on Amazon EC2 instances
• Delegate by using roles instead of by sharing credentials
• Rotate credentials regularly
• Remove unnecessary credentials
• Use policy conditions for extra security
• Monitor activity in your AWS account

Solutions

Solutions

Solutions

Solutions

Solutions

AWS Organizations
• Centrally manage policies across multiple AWS accounts
• Control access to AWS services
• Automate AWS account creation and management
• Consolidate billing across multiple AWS accounts

Our solution

Our solution
+
• single account, MFA, password policy to manage
• native UX with AWS CLI and web console
• different cost-centers
• individual accounts for scripts
• delegating/splitting user management
-
• some troubles with 3rd party tools
• short STS session (1 hour)

The End
• Questions ?
• Comments ?
• Feedback

More Related Content

What's hot

AWS deployment and management Services

AWS deployment and management Services

AWS deployment and management Services

Nagesh Ramamoorthy

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?”. That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture. Speakers: Rob Whitmore, AWS Solutions Architect

Introduction to AWS Security

Introduction to AWS Security

Introduction to AWS Security

Amazon Web Services

Federation

Amazon Web Services

01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019

01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019

01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019

Kumton Suttiraksiri

Protecting Your Data With AWS KMS and AWS CloudHSM

Protecting Your Data With AWS KMS and AWS CloudHSM

Protecting Your Data With AWS KMS and AWS CloudHSM

Amazon Web Services

Azure signalr service

Azure signalr service

Azure signalr service

Udaiappa Ramachandran

Azure Active Directory (AD) is a directory as a service on Microsoft Azure. More than the cloud identity Azure AD provides a platform to build cloud applications with multi tenancy support. A flexible authentication systems which enables developers to leverage the cloud identity model and develop applications at ease. The session will walk you through on the basics of Azure AD and how to develop .NET applications using Azure AD.

Azure Active Directory

Azure Active Directory

Azure Active Directory

Thurupathan Vijayakumar

AWS Training Tutorial for Freshers

AWS Training Tutorial for Freshers

AWS Training Tutorial for Freshers

rajkamaltibacademy

AWS Security & Compliance

AWS Security & Compliance

AWS Security & Compliance

Amazon Web Services

Introduction to Identity and Access Management (IAM)

Introduction to Identity and Access Management (IAM)

Introduction to Identity and Access Management (IAM)

Amazon Web Services

Aws

Introduction of AWS KMS

Introduction of AWS KMS

Introduction of AWS KMS

Ricardo Schmidt

How do you protect your private information and customer PII in the cloud when you don’t control all the hardware or software components that might access that information? AWS allows you to offload many management and data-handling tasks, but how do you evaluate the risks to your data as it passes through these services? AWS offers many options for using encryption to protect your data in transit and at rest. A variety of features let you determine how much control you want over your encryption keys in order to meet your security goals. This webinar will help you understand which AWS encryption features are available, when to use them, and how to integrate them in your workloads. In this webinar, you will learn: • Learn how to think about using encryption to protect your private information in the cloud • Learn how to evaluate key management architectures to determine whether they meet your needs • Learn how to use AWS encryption features to accomplish your data security goals. Who Should Attend: • Developers, DevOps Engineers, and IT Security Administrators

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

Amazon Web Services

Certification in Microsoft Azure

Certification in Microsoft Azure

Certification in Microsoft Azure

Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019

Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019

Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019

Amazon Web Services

Securing Your Data in AWS

Securing Your Data in AWS

Securing Your Data in AWS

Amazon Web Services

Vortrag "So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern" von Bertram Dorn beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P Amazon Web Services bietet verschiedenste Datenquellen für Kunden um Ereignisse, Datenströme und Aktivitäten auf der Kundeninfrastruktur nachvollziehen zu können. Diese Daten ermöglichen verschiedenste Optionen im Bereich Einbruchs-Warnung und -Prävention, Vorwarnung, Absicherung zu Zugängen und Prävention von Missbrauch der auf AWS basierenden Infrastruktur. Der Vortrag wird eine Einführung in diese Optionen geben und verschiedenste Möglichkeiten mit CloudTrail, AWS Config, VPC-Flow-Logs und S3-Logging aufzeigen. Zudem wird der Vortrag einige bewährte Verfahrensweisen demonstrieren um diese Datenströme für einfache Alarmierung zu verwenden.

So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...

So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...

So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...

Amazon Web Services Identity and Access Management (IAM) supports identity federation for delegated access to the Amazon Web Services Management Console or Amazon Web Services APIs across accounts. With identity federation, external identities can be granted secure access using Active Directory/SAML integration while maintaining clear auditing and security governance, and allowing developers to get access to the resources they need. Speaker: Pierre Liddle, Solutions Architect, Amazon Web Services

Managing Access to Resources on Amazon Web Services

Managing Access to Resources on Amazon Web Services

Managing Access to Resources on Amazon Web Services

Amazon Web Services

This is the Part 1 of the Azure Active Directory Topic. In this session I introduce the Azure AD and talk about what it is, how it differentiates with on-premises Active Directory Domain Services (AD DS). Further, in this session I provide demos on how to create Azure AD Users from the Azure Portal, associate Custom domains with the Azure AD tenant and the Azure AD PowerShell module. As a bonus, I also talk about and demo how to create additional Azure AD directory within the subscription.

48. Azure Active Directory - Part 1

48. Azure Active Directory - Part 1

48. Azure Active Directory - Part 1

AWS Introduction and History

AWS Introduction and History

AWS Introduction and History

Nagesh Ramamoorthy

What's hot (20)

AWS deployment and management Services

AWS deployment and management Services

AWS deployment and management Services

Introduction to AWS Security

Introduction to AWS Security

Introduction to AWS Security

Federation

01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019

01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019

01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019

Protecting Your Data With AWS KMS and AWS CloudHSM

Protecting Your Data With AWS KMS and AWS CloudHSM

Protecting Your Data With AWS KMS and AWS CloudHSM

Azure signalr service

Azure signalr service

Azure signalr service

Azure Active Directory

Azure Active Directory

Azure Active Directory

AWS Training Tutorial for Freshers

AWS Training Tutorial for Freshers

AWS Training Tutorial for Freshers

AWS Security & Compliance

AWS Security & Compliance

AWS Security & Compliance

Introduction to Identity and Access Management (IAM)

Introduction to Identity and Access Management (IAM)

Introduction to Identity and Access Management (IAM)

Aws

Introduction of AWS KMS

Introduction of AWS KMS

Introduction of AWS KMS

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

Certification in Microsoft Azure

Certification in Microsoft Azure

Certification in Microsoft Azure

Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019

Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019

Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019

Securing Your Data in AWS

Securing Your Data in AWS

Securing Your Data in AWS

So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...

So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...

So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...

Managing Access to Resources on Amazon Web Services

Managing Access to Resources on Amazon Web Services

Managing Access to Resources on Amazon Web Services

48. Azure Active Directory - Part 1

48. Azure Active Directory - Part 1

48. Azure Active Directory - Part 1

AWS Introduction and History

AWS Introduction and History

AWS Introduction and History

Viewers also liked

How to Become a Thought Leader in Your Niche

How to Become a Thought Leader in Your Niche

How to Become a Thought Leader in Your Niche

В доповіді розглянуті основні моменти атак, що здійснювалися на державні організації через канал електронної пошти із застосуванням елементів соціальної інженерії. Наведено приклади фішингових листів та результат активації ШПЗ. У підсумку знайдете практичні рекомендації щодо перевірки приєднань та інформації з відкритих джерел. Цільова аудиторія - співробітники та керівники відділів ІТ та ІБ.

Сучасні цільові атаки

Сучасні цільові атаки

Сучасні цільові атаки

Vladyslav Radetsky

Защита от эксплойтов и новых, неизвестных образцов. Рассмотрены технические аспекты работы решения. Отображена работа защиты на актуальных семплах ransomware, RAT и т.д. Дополнительно показаны схемы активации и закрепления семплов в системе. Контент будет полезен руководителям и сотрудникам ИТ/ИБ подразделений.

Palo Alto Traps - тестирование на реальных семплах

Palo Alto Traps - тестирование на реальных семплах

Palo Alto Traps - тестирование на реальных семплах

Vladyslav Radetsky

Anatomy of the modern application stack

Anatomy of the modern application stack

Anatomy of the modern application stack

McAfee Endpoint Security 10.1

McAfee Endpoint Security 10.1

McAfee Endpoint Security 10.1

Vladyslav Radetsky

Короткий огляд атак, у розслідуванні який приймав участь. Аналітика. Маркери компрометації. Рекомендації. Контент доповіді стосується не лише енергетиків і є актуальним не лише для державного сектору. Розраховано на широкий загал. В першу чергу - працівників ІТ/ІБ підрозділів.

Атаки на критичну інфраструктуру України. Висновки. Рекомендації.

Атаки на критичну інфраструктуру України. Висновки. Рекомендації.

Атаки на критичну інфраструктуру України. Висновки. Рекомендації.

Vladyslav Radetsky

Innovating IAM Protection for AWS. Protecting your IAM users and roles is a priority for security professionals and DevOps teams alike. The challenge becomes more complex when adding multiple AWS accounts, many users, and a growing list of local and cross account roles. By utilizing an innovative IAM protection solution, you can successfully defend your AWS cloud from new threats. In this 30 min session you will learn: How to identify and map out potential IAM risk factors and attack vectors. How to prevent potentially dangerous activities over your AWS accounts directly from your mobile device. How to defend your AWS investment from compromised credentials and malicious insiders that can impact your business. Speaker: Patrick Pushor, Chief Technical Evangelist at Dome9

Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9

Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9

Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9

Amazon Web Services

In this session, we provide programmatic guidance on building tools and applications to detect and manage fraud and unusual activity specific to financial services institutions. Payment fraud is an ongoing concern for merchants and credit card issuers alike and these activities impact all industries, but are specifically detrimental to Financial Services. We provide a step-by-step walkthrough of a reference solution to detect and address credit card fraud in real time by using Apache Apex and Amazon Machine Learning capabilities. We also outline different resource and performance optimization options and how to work data security into the fraud detection workflow.

AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)

AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)

AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)

Amazon Web Services

This session covers AWS Identity and Access Management (IAM) best practices that can help improve your security posture. We cover how to manage users and their security credentials. We also explain why you should delete your root access keys—or at the very least, rotate them regularly. Using common use cases, we demonstrate when to choose between using IAM users and IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts.

AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)

AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)

AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)

Amazon Web Services

At times you may have a need to provide external entities access to resources within your AWS account. You may have users within your enterprise that want to access AWS resources without having to remember a new username and password. Alternatively, you may be creating a cloud-backed application that is used by millions of mobile users. Or you have multiple AWS accounts that you want to share resources across. Regardless of the scenario, AWS Identity and Access Management (IAM) provides a number of ways you can securely and flexibly provide delegated access to your AWS resources. Come learn how to best take advantage of these options in your AWS environment.

Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013

Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013

Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013

Amazon Web Services

Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...

Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...

Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...

Amazon Web Services

Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances for fault tolerance and load distribution. In this session, we go into detail about Elastic Load Balancing configuration and day-to-day management, as well as its use in conjunction with Auto Scaling. We explain how to make decisions about the service and share best practices and useful tips for success.

AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)

AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)

AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)

Amazon Web Services

The world is producing an ever increasing volume, velocity, and variety of big data. Consumers and businesses are demanding up-to-the-second (or even millisecond) analytics on their fast-moving data, in addition to classic batch processing. AWS delivers many technologies for solving big data problems. But what services should you use, why, when, and how? In this session, we simplify big data processing as a data bus comprising various stages: ingest, store, process, and visualize. Next, we discuss how to choose the right technology in each stage based on criteria such as data structure, query latency, cost, request rate, item size, data volume, durability, and so on. Finally, we provide reference architecture, design patterns, and best practices for assembling these technologies to solve your big data problems at the right cost.

(BDT310) Big Data Architectural Patterns and Best Practices on AWS

(BDT310) Big Data Architectural Patterns and Best Practices on AWS

(BDT310) Big Data Architectural Patterns and Best Practices on AWS

Amazon Web Services

Are you interested in learning how to control access to your AWS resources? Have you ever wondered how to best scope down permissions to achieve least privilege permissions access control? If your answer to these questions is "yes," this session is for you. We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type.

AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...

AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...

AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...

Amazon Web Services

Viewers also liked (14)

How to Become a Thought Leader in Your Niche

How to Become a Thought Leader in Your Niche

How to Become a Thought Leader in Your Niche

Сучасні цільові атаки

Сучасні цільові атаки

Сучасні цільові атаки

Palo Alto Traps - тестирование на реальных семплах

Palo Alto Traps - тестирование на реальных семплах

Palo Alto Traps - тестирование на реальных семплах

Anatomy of the modern application stack

Anatomy of the modern application stack

Anatomy of the modern application stack

McAfee Endpoint Security 10.1

McAfee Endpoint Security 10.1

McAfee Endpoint Security 10.1

Атаки на критичну інфраструктуру України. Висновки. Рекомендації.

Атаки на критичну інфраструктуру України. Висновки. Рекомендації.

Атаки на критичну інфраструктуру України. Висновки. Рекомендації.

Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9

Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9

Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9

AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)

AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)

AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)

AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)

AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)

AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)

Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013

Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013

Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013

Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...

Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...

Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...

AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)

AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)

AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)

(BDT310) Big Data Architectural Patterns and Best Practices on AWS

(BDT310) Big Data Architectural Patterns and Best Practices on AWS

(BDT310) Big Data Architectural Patterns and Best Practices on AWS

AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...

AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...

AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...

Similar to Managing users and aws accounts

Controlling Access to your Resources

Controlling Access to your Resources

Controlling Access to your Resources

Amazon Web Services

Aws security best practices

Aws security best practices

Aws security best practices

AWS Intro

AWS-IAM-intro-2016-08-03.pptx

AWS-IAM-intro-2016-08-03.pptx

AWS-IAM-intro-2016-08-03.pptx

Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Amazon Web Services

As companies shift workloads into the cloud, IT organizations are required to manage an increasing number of cloud resources. AWS provides a broad set of services that help IT organizations with provisioning, tracking, auditing, configuration management, and cost management of their AWS resources. In this session, we will explore the AWS Management Tools suite of services that support the lifecycle management of AWS resources at scale and enable IT governance and compliance. The Deep Dive on AWS Management Tools session will benefit both new and experienced IT administrators, systems administrators, and developers operating infrastructure on AWS and interested in learning about the AWS resource management capabilities.

ENT302 Deep Dive on AWS Management Tools and New Launches

ENT302 Deep Dive on AWS Management Tools and New Launches

ENT302 Deep Dive on AWS Management Tools and New Launches

Amazon Web Services

Every journey to the AWS Cloud is unique. Some customers are migrating existing applications, while others are building new applications using cloud-native services. Along each journey, identity and access management helps customers protect their applications and resources. Come to this session and learn how AWS identity services provide you with a secure, flexible, and easy solution for managing identities and access on the AWS Cloud. With AWS identity services, you do not have to adapt to AWS. Instead, you have a choice of services designed to meet you anywhere along your journey to the AWS Cloud.

AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...

AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...

AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...

Amazon Web Services

Cloudifying your Security Operations on AWS

Cloudifying your Security Operations on AWS

Cloudifying your Security Operations on AWS

AWS Security

Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Brian Wagner, Security Consultant, Professional Services, AWS

Using AWS Organizations to Ensure Compliance in Your Cloud

Using AWS Organizations to Ensure Compliance in Your Cloud

Using AWS Organizations to Ensure Compliance in Your Cloud

Amazon Web Services

Every journey to the AWS Cloud is unique. Some customers are migrating existing applications, while others are building Approved applications using cloud-native services. Along each journey, identity and access management helps customers protect their applications and resources. Come to this session and learn how AWS identity services provide you with a secure, flexible, and easy solution for managing identities and access on the AWS Cloud. With AWS identity services, you do not have to adapt to AWS. Instead, you have a choice of services designed to meet you anywhere along your journey to the AWS Cloud.

AWS Identity, Directory, and Access Services: An Overview

AWS Identity, Directory, and Access Services: An Overview

AWS Identity, Directory, and Access Services: An Overview

Amazon Web Services

Protecting Your Data in AWS

Protecting Your Data in AWS

Protecting Your Data in AWS

Amazon Web Services

AWS Security Best Practices (March 2017)

AWS Security Best Practices (March 2017)

AWS Security Best Practices (March 2017)

Security best practices on AWS - Pop-up Loft TLV 2017

Security best practices on AWS - Pop-up Loft TLV 2017

Security best practices on AWS - Pop-up Loft TLV 2017

Amazon Web Services

Aws tutorial

AWS Organizations is a new administrative capability, which allows you to control multiple AWS accounts centrally. With Organizations, you can hierarchically organize and manage your AWS accounts and apply organizational controls across these accounts to meet your business needs. In this session, we cover the capabilities of AWS Organizations and discuss best practices when managing multiple AWS accounts.

AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...

AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...

AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...

Amazon Web Services

CloudTrail provides a rich audit trail of the activity in your AWS Environment. In order to maintain compliance with one of the many auditing standards, you need to implement continuous monitoring and demonstrate the ability to provide evidence when needed. Having access to CloudTrail is just the first step. Once you have verified CloudTrail is enabled and configured properly, you will need to ingest the CloudTrail files, parse them, and turn them into actionable information. Webinar topics include: - Setting up tamper resistant archives for CloudTrail - Implementing a centralized bucket for CloudTrail across your organizations - Securely configuring CloudTrail across hundreds of AWS accounts YouTube Link: https://www.youtube.com/watch?v=_mk_qf0U4hI

Webinar: Securely Configuring and Mining AWS CloudTrail

Webinar: Securely Configuring and Mining AWS CloudTrail

Webinar: Securely Configuring and Mining AWS CloudTrail

Whether you’re a cash-strapped startup or an enterprise optimizing spend, it pays to run cost-efficient architectures on AWS. This session reviews a wide range of cost planning, monitoring, and optimization strategies, featuring real-world experience from AWS customers. We cover how to effectively combine Amazon EC2 On-Demand, Reserved, and Spot instances to handle different use cases; leveraging Auto Scaling to match capacity to workload; choosing the optimal instance type through load testing; taking advantage of Multi-AZ support; and using Amazon CloudWatch to monitor usage and automatically shut off resources when they are not in use. We discuss taking advantage of tiered storage and caching, offloading content to Amazon CloudFront to reduce back-end load, and getting rid of your back end entirely by leveraging AWS high-level services. We also showcase simple tools to help track and manage costs, including Cost Explorer, billing alerts, and AWS Trusted Advisor. This session is your pocket guide for running cost effectively in the Amazon Cloud. Attendees of this session receive a free 30-day trial of enterprise-level Trusted Advisor.

AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...

AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...

AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...

Amazon Web Services

Aws slides

Aws slides

Similar to Managing users and aws accounts (20)

Controlling Access to your Resources

Controlling Access to your Resources

Controlling Access to your Resources

Aws security best practices

Aws security best practices

Aws security best practices

AWS Intro

AWS-IAM-intro-2016-08-03.pptx

AWS-IAM-intro-2016-08-03.pptx

AWS-IAM-intro-2016-08-03.pptx

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

ENT302 Deep Dive on AWS Management Tools and New Launches

ENT302 Deep Dive on AWS Management Tools and New Launches

ENT302 Deep Dive on AWS Management Tools and New Launches

AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...

AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...

AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...

Cloudifying your Security Operations on AWS

Cloudifying your Security Operations on AWS

Cloudifying your Security Operations on AWS

AWS Security

Using AWS Organizations to Ensure Compliance in Your Cloud

Using AWS Organizations to Ensure Compliance in Your Cloud

Using AWS Organizations to Ensure Compliance in Your Cloud

AWS Identity, Directory, and Access Services: An Overview

AWS Identity, Directory, and Access Services: An Overview

AWS Identity, Directory, and Access Services: An Overview

Protecting Your Data in AWS

Protecting Your Data in AWS

Protecting Your Data in AWS

AWS Security Best Practices (March 2017)

AWS Security Best Practices (March 2017)

AWS Security Best Practices (March 2017)

Security best practices on AWS - Pop-up Loft TLV 2017

Security best practices on AWS - Pop-up Loft TLV 2017

Security best practices on AWS - Pop-up Loft TLV 2017

Aws tutorial

AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...

AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...

AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...

Webinar: Securely Configuring and Mining AWS CloudTrail

Webinar: Securely Configuring and Mining AWS CloudTrail

Webinar: Securely Configuring and Mining AWS CloudTrail

AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...

AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...

AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...

Aws slides

Aws slides

More from Aleksandr Maklakov

GraphQL backend with AWS AppSync & AWS Lambda

GraphQL backend with AWS AppSync & AWS Lambda

GraphQL backend with AWS AppSync & AWS Lambda

Aleksandr Maklakov

AWS Certification from scratch

AWS Certification from scratch

AWS Certification from scratch

Aleksandr Maklakov

Chronicle of ReInvent 2019

Chronicle of ReInvent 2019

Chronicle of ReInvent 2019

Aleksandr Maklakov

How to stop dreaming about security and start implementing

How to stop dreaming about security and start implementing

How to stop dreaming about security and start implementing

Aleksandr Maklakov

Secure perimeter with AWS workspaces

Secure perimeter with AWS workspaces

Secure perimeter with AWS workspaces

Aleksandr Maklakov

Going Serverless on AWS

Going Serverless on AWS

Going Serverless on AWS

Aleksandr Maklakov

AWS Security Best Practices

AWS Security Best Practices

AWS Security Best Practices

Aleksandr Maklakov

AWS Container services

AWS Container services

AWS Container services

Aleksandr Maklakov

How to implement DevSecOps on AWS for startups

How to implement DevSecOps on AWS for startups

How to implement DevSecOps on AWS for startups

Aleksandr Maklakov

AWS CloudFront

Aleksandr Maklakov

HOW TO DRONE.IO IN CI/CD WORLD

HOW TO DRONE.IO IN CI/CD WORLD

HOW TO DRONE.IO IN CI/CD WORLD

Aleksandr Maklakov

Amazon EC2 container service

Amazon EC2 container service

Amazon EC2 container service

Aleksandr Maklakov

Continuous operations in AWS

Continuous operations in AWS

Continuous operations in AWS

Aleksandr Maklakov

Architecture of NoSQL distributed clusters on AWS

Architecture of NoSQL distributed clusters on AWS

Architecture of NoSQL distributed clusters on AWS

Aleksandr Maklakov

More from Aleksandr Maklakov (14)

GraphQL backend with AWS AppSync & AWS Lambda

GraphQL backend with AWS AppSync & AWS Lambda

GraphQL backend with AWS AppSync & AWS Lambda

AWS Certification from scratch

AWS Certification from scratch

AWS Certification from scratch

Chronicle of ReInvent 2019

Chronicle of ReInvent 2019

Chronicle of ReInvent 2019

How to stop dreaming about security and start implementing

How to stop dreaming about security and start implementing

How to stop dreaming about security and start implementing

Secure perimeter with AWS workspaces

Secure perimeter with AWS workspaces

Secure perimeter with AWS workspaces

Going Serverless on AWS

Going Serverless on AWS

Going Serverless on AWS

AWS Security Best Practices

AWS Security Best Practices

AWS Security Best Practices

AWS Container services

AWS Container services

AWS Container services

How to implement DevSecOps on AWS for startups

How to implement DevSecOps on AWS for startups

How to implement DevSecOps on AWS for startups

AWS CloudFront

HOW TO DRONE.IO IN CI/CD WORLD

HOW TO DRONE.IO IN CI/CD WORLD

HOW TO DRONE.IO IN CI/CD WORLD

Amazon EC2 container service

Amazon EC2 container service

Amazon EC2 container service

Continuous operations in AWS

Continuous operations in AWS

Continuous operations in AWS

Architecture of NoSQL distributed clusters on AWS

Architecture of NoSQL distributed clusters on AWS

Architecture of NoSQL distributed clusters on AWS

Recently uploaded

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Partners Life - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Recently uploaded (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Partners Life - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Managing users and aws accounts

1. Managing users and AWS accounts Aleksandr Maklakov – maklaud@zeoalliance.com

2. Agenda • Managing AWS account • Managing IAM users • Security Best Practices • Solutions • Questions

3. Managing AWS accounts • У кого от 1 до 3 AWS аккаунтов ? • У кого от 3 до 10 AWS аккаунтов ? • У кого больше 10 AWS аккаунтов ?

4. Managing AWS accounts • Why and When to Create Multiple Accounts?

5. Managing AWS accounts • isolation between workloads/departments • isolation between projects • minimize blast radius • optimize costs • environmental lifecycle accounts • centralize logging account • centralize publishing account

6. Managing IAM accounts • IAM users • Identity federation (SAML 2.0) • Directory service (LDAP)

7. Managing IAM accounts - Security Best Practices • Lock away your AWS account (root) access keys • Create individual IAM users • Use AWS-defined policies to assign permissions whenever possible • Use groups to assign permissions to IAM users • Grant least privilege • Configure a strong password policy for your users

8. Managing IAM accounts - Security Best Practices • Enable MFA for privileged users • Use roles for applications that run on Amazon EC2 instances • Delegate by using roles instead of by sharing credentials • Rotate credentials regularly • Remove unnecessary credentials • Use policy conditions for extra security • Monitor activity in your AWS account

14. AWS Organizations • Centrally manage policies across multiple AWS accounts • Control access to AWS services • Automate AWS account creation and management • Consolidate billing across multiple AWS accounts

15. Our solution

16. Our solution + • single account, MFA, password policy to manage • native UX with AWS CLI and web console • different cost-centers • individual accounts for scripts • delegating/splitting user management - • some troubles with 3rd party tools • short STS session (1 hour)

17. The End • Questions ? • Comments ? • Feedback