Admin Least Privilege on Shared Cloud Accounts

How to approach protecting cloud infrastructure in shared environments across teams and departments with a growing number of admins.

Published in: Software

Admin Least Privilege on Shared Cloud Accounts

  1. Self Service Cloud Permissioning Approaches on AWS
  2. Assumptions
  3. Admin Power Indirect Scope of Classifications Limited
  4. Admin (diagram labels): Amazon SNS, Amazon SQS, Amazon SES, IAM, Elastic Beanstalk, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon RDS, DynamoDB, bucket with objects, Amazon Lambda, App groups 1 to 4
  5. Power (diagram labels): IAM, AWS CloudTrail, AWS Config, Amazon SNS, Amazon SQS, Amazon SES, Amazon RDS, DynamoDB, Amazon Lambda, Elastic Beanstalk, AWS CloudFormation, bucket with objects, App groups 1 to 4
  6. Limited (diagram labels): Amazon SNS, Amazon SQS, Amazon SES, IAM, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon RDS, DynamoDB, Amazon Lambda, Elastic Beanstalk, bucket with objects, App groups 1 to 4
  7. Indirect (diagram labels): Amazon RDS, Amazon SNS, Amazon SQS, Amazon SES, IAM, Elastic Beanstalk, AWS CloudTrail, AWS Config, DynamoDB, bucket with objects, Amazon Lambda, AWS CloudFormation, App groups 1 to 4
  8. Execution Model
  9. Conditions
     • cloudformation:TemplateURL
     • cloudformation:ResourceTypes
     • cloudformation:StackPolicyURL
