SlideShare a Scribd company logo

AWS Identity Access Management

Richard Harvey
Richard Harvey

This document discusses AWS Identity and Access Management (IAM) and provides an overview of how to securely manage user access and permissions in AWS. It describes IAM best practices like least privilege access and using roles for applications to access resources. Additionally, it covers authentication methods, common use cases for IAM like controlling developer access and application access, and related services like AWS STS and AWS Organizations.

Internet
1 of 27
Download to read offline
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Identity Access Management (IAM) Ric Harvey Startup Solutions Architect / Technical Developer Evangelist Amazon Web Services rjh@amazon.com @ric__harvey https://gitlab.com/ric_harvey/
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Broad Security & Identity Portfolio • AWS Identity & Access Management (IAM) • AWS Single Sign-On (SSO) • AWS Directory Service • Amazon Cloud Directory • AWS Secrets Manager • Amazon Cognito • AWS Organizations • AWS Resource Access Manager (RAM) • AWS Security Hub • Amazon GuardDuty • AWS CloudTrail • AWS Config • Amazon CloudWatch • VPC Flow Logs • AWS Systems Manager • AWS Shield • AWS Web Application Firewall (AWS WAF) • Amazon Inspector • Amazon Virtual Private Cloud (VPC) • AWS Key Management Service (KMS) • AWS CloudHSM • Amazon Macie • AWS Certificate Manager • Server-Side Encryption • AWS Config Rules • AWS Lambda Identity Detective control Infrastructure security Incident response Data protection
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Shared Responsibility Model Customers are responsible for their security and compliance IN the Cloud AWS is responsible for the security OF the Cloud CustomerAWS
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Least Privileged
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AAA with AWS Authenticate IAM Username/Password Access Key (+ MFA) Federation Authorize IAM Policies Audit CloudTrail
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Principals • Access to specific services. • Access to console and/or APIs. • Access to Customer Support (Business and Enterprise). IAM Users, Groups and Roles • Access to specific services. • Access to console and/or APIs. Temporary Security Credentials • Access to all subscribed services. • Access to billing. • Access to console and APIs. • Access to Customer Support. Account Owner ID (Root Account)
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Authorization and Privileges Authorization: What are you allowed to do? Account Owner (Root) • Privileged for all actions. IAM Policies • Privileges defined at User and Resource Level Note: Always associate the account owner ID with an MFA device and store it in a secured place!
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Identity Access Management (IAM) Ensure only authorized and authenticated users are able to access resources: • Define users, groups, services and roles • Protect AWS credentials • Use fine grained authorization/access control
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Define access Users Groups Services Roles • Think carefully • SAML 2.0 (ADFS) • Define a management policy • Logically group users • Apply group policies • Least privilege access • Be granular • Use roles for instances and functions • Avoid using API keys in code
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS IAM Hierarchy of Privileges AWS Account Owner (Root) AWS IAM User Temporary Security Credentials Permissions Example Unrestricted access to all enabled services and resources. Action: * Effect: Allow Resource: * (implicit) Access restricted by Group and User policies Action: [‘s3:*’,’sts:Get*’] Effect: Allow Resource: * Access restricted by generating identity and further by policies used to generate token Action: [ ‘s3:Get*’ ] Effect: Allow Resource: ‘arn:aws:s3:::mybucket/*’ Enforce principle of least privilege with Identity and Access Management (IAM) users, groups, and policies and temporary credentials.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Protecting AWS credentials • Establish Least-privileged Users • Enable MFA on the root account • Consider federation • Set a password policy • MFA for users and/or certain operations (s3 delete) • Avoid storing API Keys in source control • Use temporary credentials via STS
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Fine grained access control • Establish least privilege principle • Define clear roles for users and roles • Use AWS organizations to centrally manage access
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Common Use Cases Manage user access to AWS accounts and resources • Developers signing in to the AWS Command Line Interface (AWS CLI) or AWS Management Console • Allow access to billing for accounts • Enable User access to RDS!
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Identity Authentication For Users Authentication: How do we know you are who you say you are? AWS Management Console API access Login with Username/Password with optional MFA (recommended) Access API using Access Key + Secret Key, with optional MFA ACCESS KEY ID Ex: AKIAIOSFODNN7EXAMPLE SECRET KEY Ex: UtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY For time-limited access: Call the AWS Security Token Service (STS) to get a temporary AccessKey + SecretKey + session token For time-limited access: a Signed URL can provide temporary access to the Console
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Enabling YubiKey on your account https://digilution.io/posts/yubikey-and-aws-iam/
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Identity and Access Management (IAM) Securely control access to AWS services and resources for your users. Username/ User Manage groups of users Centralized Access Control • Password for console access. • Policies for controlling access AWS APIs. • Two methods to sign API calls: • X.509 certificate • Access/Secret Keys • Multi-factor Authentication (MFA) Optional Configurations:
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Common Use Cases Manage application access to data and resources • Applications running on Amazon EC2 instances or containers that need access to data in Amazon S3
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T IAM Roles { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1550838175355", "Action": "es:*", "Effect": "Allow", "Resource": "arn:aws:es:eu-west-1:210111111333421:domain/logs/*" } ] }
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Same Principles • Apply Least Privileged • Get Granular
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Resources AWS IAM - https://aws.amazon.com/iam/ AWS STS - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html AWS Organizations - https://aws.amazon.com/organizations/
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ric Harvey Startup Solutions Architect / Technical Developer Evangelist Amazon Web Services rjh@amazon.com @ric__harvey https://gitlab.com/ric_harvey/
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recommended

Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Amazon Web Services
 
AWS re:Inforce 2019 Builders session: Simplify and secure your network archit...
AWS re:Inforce 2019 Builders session: Simplify and secure your network archit...AWS re:Inforce 2019 Builders session: Simplify and secure your network archit...
AWS re:Inforce 2019 Builders session: Simplify and secure your network archit...
Bhavin Desai, CCIE Security
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...
Amazon Web Services
 
Account automation and temporary AWS credential service - GRC328 - AWS re:Inf...
Account automation and temporary AWS credential service - GRC328 - AWS re:Inf...Account automation and temporary AWS credential service - GRC328 - AWS re:Inf...
Account automation and temporary AWS credential service - GRC328 - AWS re:Inf...
Amazon Web Services
 
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Amazon Web Services
 
AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...
AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...
AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...
Amazon Web Services
 
Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ... Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ...
Amazon Web Services
 

Recommended

Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Amazon Web Services
 
AWS re:Inforce 2019 Builders session: Simplify and secure your network archit...
AWS re:Inforce 2019 Builders session: Simplify and secure your network archit...AWS re:Inforce 2019 Builders session: Simplify and secure your network archit...
AWS re:Inforce 2019 Builders session: Simplify and secure your network archit...
Bhavin Desai, CCIE Security
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...
Amazon Web Services
 
Account automation and temporary AWS credential service - GRC328 - AWS re:Inf...
Account automation and temporary AWS credential service - GRC328 - AWS re:Inf...Account automation and temporary AWS credential service - GRC328 - AWS re:Inf...
Account automation and temporary AWS credential service - GRC328 - AWS re:Inf...
Amazon Web Services
 
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Amazon Web Services
 
AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...
AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...
AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...
Amazon Web Services
 
Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ... Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ...
Amazon Web Services
 
Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...
Amazon Web Services
 
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
Amazon Web Services
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
Ernest Chiang
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
Amazon Web Services
 
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Amazon Web Services
 
Securityhub
SecurityhubSecurityhub
Securityhub
Richard Harvey
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
Amazon Web Services
 
Serverless-First Function: Serverless application security
Serverless-First Function: Serverless application securityServerless-First Function: Serverless application security
Serverless-First Function: Serverless application security
RobSutter2
 
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdfAWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
Amazon Web Services
 
A security-first approach to delivering end-user computing services - FND327 ...
A security-first approach to delivering end-user computing services - FND327 ...A security-first approach to delivering end-user computing services - FND327 ...
A security-first approach to delivering end-user computing services - FND327 ...
Amazon Web Services
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Amazon Web Services
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Amazon Web Services
 
Understanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and GovernanceUnderstanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and Governance
Amazon Web Services
 
Certificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS SummitCertificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS Summit
Amazon Web Services
 
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
Amazon Web Services
 
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
Amazon Web Services
 
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Amazon Web Services
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Amazon Web Services
 
Aws
AwsAws
Aws
Megha Sahu
 
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Amazon Web Services
 
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
Amazon Web Services
 
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
Amazon Web Services
 

More Related Content

What's hot

Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...
Amazon Web Services
 
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
Amazon Web Services
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
Ernest Chiang
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
Amazon Web Services
 
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Amazon Web Services
 
Securityhub
SecurityhubSecurityhub
Securityhub
Richard Harvey
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
Amazon Web Services
 
Serverless-First Function: Serverless application security
Serverless-First Function: Serverless application securityServerless-First Function: Serverless application security
Serverless-First Function: Serverless application security
RobSutter2
 
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdfAWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
Amazon Web Services
 
A security-first approach to delivering end-user computing services - FND327 ...
A security-first approach to delivering end-user computing services - FND327 ...A security-first approach to delivering end-user computing services - FND327 ...
A security-first approach to delivering end-user computing services - FND327 ...
Amazon Web Services
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Amazon Web Services
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Amazon Web Services
 
Understanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and GovernanceUnderstanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and Governance
Amazon Web Services
 
Certificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS SummitCertificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS Summit
Amazon Web Services
 
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
Amazon Web Services
 
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
Amazon Web Services
 
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Amazon Web Services
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Amazon Web Services
 
Aws
AwsAws
Aws
Megha Sahu
 
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Amazon Web Services
 

What's hot (20)

Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...
 
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
Accelerare l’utilizzo del Machine Learning con le soluzioni ML pronte per l’u...
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
 
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
 
Securityhub
SecurityhubSecurityhub
Securityhub
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
 
Serverless-First Function: Serverless application security
Serverless-First Function: Serverless application securityServerless-First Function: Serverless application security
Serverless-First Function: Serverless application security
 
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdfAWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
AWSome Day Online Conference 2019 - Module 3 AWS Security.pdf
 
A security-first approach to delivering end-user computing services - FND327 ...
A security-first approach to delivering end-user computing services - FND327 ...A security-first approach to delivering end-user computing services - FND327 ...
A security-first approach to delivering end-user computing services - FND327 ...
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
 
Understanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and GovernanceUnderstanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and Governance
 
Certificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS SummitCertificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS Summit
 
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
Permissions boundaries: how to truly delegate permissions on AWS - SDD406-R -...
 
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...
 
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
Firecracker: Secure and fast microVMs for serverless computing - SEP316 - AWS...
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
 
Aws
AwsAws
Aws
 
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
 

Similar to AWS Identity Access Management

AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
Amazon Web Services
 
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
Amazon Web Services
 
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Amazon Web Services
 
AWS identity services - Enabling & securing your cloud journey - SEC202 - San...
AWS identity services - Enabling & securing your cloud journey - SEC202 - San...AWS identity services - Enabling & securing your cloud journey - SEC202 - San...
AWS identity services - Enabling & securing your cloud journey - SEC202 - San...
Amazon Web Services
 
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Amazon Web Services
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
Amazon Web Services
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
Amazon Web Services
 
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Amazon Web Services
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Amazon Web Services
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Amazon Web Services
 
Pitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewPitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overview
EagleDream Technologies
 
Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...
Amazon Web Services
 
AWSome Day Online 2020_Module 4: Secure your cloud applications
AWSome Day Online 2020_Module 4: Secure your cloud applicationsAWSome Day Online 2020_Module 4: Secure your cloud applications
AWSome Day Online 2020_Module 4: Secure your cloud applications
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
Amazon Web Services
 
Federation & Access Management
Federation & Access ManagementFederation & Access Management
Federation & Access Management
Amazon Web Services
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep Dive
Amazon Web Services
 
So You've Got ATO - Are You Sure You are Secure?
So You've Got ATO - Are You Sure You are Secure?So You've Got ATO - Are You Sure You are Secure?
So You've Got ATO - Are You Sure You are Secure?
Amazon Web Services
 
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
Amazon Web Services
 
A Practitioner Guide to Securing Your Cloud (Like an Expert)
A Practitioner Guide to Securing Your Cloud (Like an Expert)A Practitioner Guide to Securing Your Cloud (Like an Expert)
A Practitioner Guide to Securing Your Cloud (Like an Expert)
Amazon Web Services
 

Similar to AWS Identity Access Management (20)

AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...
 
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
 
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
Module 4: Secure your cloud applications - AWSome Day Online Conference 2019
 
AWS identity services - Enabling & securing your cloud journey - SEC202 - San...
AWS identity services - Enabling & securing your cloud journey - SEC202 - San...AWS identity services - Enabling & securing your cloud journey - SEC202 - San...
AWS identity services - Enabling & securing your cloud journey - SEC202 - San...
 
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
 
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
 
Pitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewPitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overview
 
Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...Best practices for choosing identity solutions for applications + workloads -...
Best practices for choosing identity solutions for applications + workloads -...
 
AWSome Day Online 2020_Module 4: Secure your cloud applications
AWSome Day Online 2020_Module 4: Secure your cloud applicationsAWSome Day Online 2020_Module 4: Secure your cloud applications
AWSome Day Online 2020_Module 4: Secure your cloud applications
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Federation & Access Management
Federation & Access ManagementFederation & Access Management
Federation & Access Management
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep Dive
 
So You've Got ATO - Are You Sure You are Secure?
So You've Got ATO - Are You Sure You are Secure?So You've Got ATO - Are You Sure You are Secure?
So You've Got ATO - Are You Sure You are Secure?
 
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
 
A Practitioner Guide to Securing Your Cloud (Like an Expert)
A Practitioner Guide to Securing Your Cloud (Like an Expert)A Practitioner Guide to Securing Your Cloud (Like an Expert)
A Practitioner Guide to Securing Your Cloud (Like an Expert)
 

More from Richard Harvey

Core services
Core servicesCore services
Core services
Richard Harvey
 
Amplify console
Amplify consoleAmplify console
Amplify console
Richard Harvey
 
Introducing aws deep lens
Introducing aws deep lensIntroducing aws deep lens
Introducing aws deep lens
Richard Harvey
 
AI Today
AI TodayAI Today
AI Today
Richard Harvey
 
Re cap2018
Re cap2018Re cap2018
Re cap2018
Richard Harvey
 
Mitigating techniques
Mitigating techniquesMitigating techniques
Mitigating techniques
Richard Harvey
 
Practical AWS Fargate
Practical AWS FargatePractical AWS Fargate
Practical AWS Fargate
Richard Harvey
 
Amazon Container Services - Let me count the ways
Amazon Container Services - Let me count the waysAmazon Container Services - Let me count the ways
Amazon Container Services - Let me count the ways
Richard Harvey
 
Amazon Container Services
Amazon Container ServicesAmazon Container Services
Amazon Container Services
Richard Harvey
 
AWS Security and Encryption
AWS Security and EncryptionAWS Security and Encryption
AWS Security and Encryption
Richard Harvey
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by design
Richard Harvey
 
Lex and connect
Lex and connectLex and connect
Lex and connect
Richard Harvey
 
Amazon Workspaces Master Class
Amazon Workspaces Master ClassAmazon Workspaces Master Class
Amazon Workspaces Master Class
Richard Harvey
 
Micro services and Containers
Micro services and ContainersMicro services and Containers
Micro services and Containers
Richard Harvey
 
AWS 101 Guide
AWS 101 GuideAWS 101 Guide
AWS 101 Guide
Richard Harvey
 
About Me
About MeAbout Me
About Me
Richard Harvey
 
Cloud Architecture
Cloud ArchitectureCloud Architecture
Cloud Architecture
Richard Harvey
 
Cloud Strategy
Cloud StrategyCloud Strategy
Cloud Strategy
Richard Harvey
 
Cloud War Stories
Cloud War StoriesCloud War Stories
Cloud War Stories
Richard Harvey
 
What is Cloud computing?
What is Cloud computing?What is Cloud computing?
What is Cloud computing?
Richard Harvey
 

More from Richard Harvey (20)

Core services
Core servicesCore services
Core services
 
Amplify console
Amplify consoleAmplify console
Amplify console
 
Introducing aws deep lens
Introducing aws deep lensIntroducing aws deep lens
Introducing aws deep lens
 
AI Today
AI TodayAI Today
AI Today
 
Re cap2018
Re cap2018Re cap2018
Re cap2018
 
Mitigating techniques
Mitigating techniquesMitigating techniques
Mitigating techniques
 
Practical AWS Fargate
Practical AWS FargatePractical AWS Fargate
Practical AWS Fargate
 
Amazon Container Services - Let me count the ways
Amazon Container Services - Let me count the waysAmazon Container Services - Let me count the ways
Amazon Container Services - Let me count the ways
 
Amazon Container Services
Amazon Container ServicesAmazon Container Services
Amazon Container Services
 
AWS Security and Encryption
AWS Security and EncryptionAWS Security and Encryption
AWS Security and Encryption
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by design
 
Lex and connect
Lex and connectLex and connect
Lex and connect
 
Amazon Workspaces Master Class
Amazon Workspaces Master ClassAmazon Workspaces Master Class
Amazon Workspaces Master Class
 
Micro services and Containers
Micro services and ContainersMicro services and Containers
Micro services and Containers
 
AWS 101 Guide
AWS 101 GuideAWS 101 Guide
AWS 101 Guide
 
About Me
About MeAbout Me
About Me
 
Cloud Architecture
Cloud ArchitectureCloud Architecture
Cloud Architecture
 
Cloud Strategy
Cloud StrategyCloud Strategy
Cloud Strategy
 
Cloud War Stories
Cloud War StoriesCloud War Stories
Cloud War Stories
 
What is Cloud computing?
What is Cloud computing?What is Cloud computing?
What is Cloud computing?
 

Recently uploaded

留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
Toptal Tech
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
uehowe
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
k4ncd0z
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
bseovas
 
Design Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptxDesign Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptx
saathvikreddy2003
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 

Recently uploaded (19)

留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
 
Design Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptxDesign Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptx
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 

AWS Identity Access Management

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Identity Access Management (IAM) Ric Harvey Startup Solutions Architect / Technical Developer Evangelist Amazon Web Services rjh@amazon.com @ric__harvey https://gitlab.com/ric_harvey/
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Broad Security & Identity Portfolio • AWS Identity & Access Management (IAM) • AWS Single Sign-On (SSO) • AWS Directory Service • Amazon Cloud Directory • AWS Secrets Manager • Amazon Cognito • AWS Organizations • AWS Resource Access Manager (RAM) • AWS Security Hub • Amazon GuardDuty • AWS CloudTrail • AWS Config • Amazon CloudWatch • VPC Flow Logs • AWS Systems Manager • AWS Shield • AWS Web Application Firewall (AWS WAF) • Amazon Inspector • Amazon Virtual Private Cloud (VPC) • AWS Key Management Service (KMS) • AWS CloudHSM • Amazon Macie • AWS Certificate Manager • Server-Side Encryption • AWS Config Rules • AWS Lambda Identity Detective control Infrastructure security Incident response Data protection
  • 3. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 4. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Shared Responsibility Model Customers are responsible for their security and compliance IN the Cloud AWS is responsible for the security OF the Cloud CustomerAWS
  • 5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Least Privileged
  • 6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AAA with AWS Authenticate IAM Username/Password Access Key (+ MFA) Federation Authorize IAM Policies Audit CloudTrail
  • 7. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Principals • Access to specific services. • Access to console and/or APIs. • Access to Customer Support (Business and Enterprise). IAM Users, Groups and Roles • Access to specific services. • Access to console and/or APIs. Temporary Security Credentials • Access to all subscribed services. • Access to billing. • Access to console and APIs. • Access to Customer Support. Account Owner ID (Root Account)
  • 9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Authorization and Privileges Authorization: What are you allowed to do? Account Owner (Root) • Privileged for all actions. IAM Policies • Privileges defined at User and Resource Level Note: Always associate the account owner ID with an MFA device and store it in a secured place!
  • 10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Identity Access Management (IAM) Ensure only authorized and authenticated users are able to access resources: • Define users, groups, services and roles • Protect AWS credentials • Use fine grained authorization/access control
  • 11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Define access Users Groups Services Roles • Think carefully • SAML 2.0 (ADFS) • Define a management policy • Logically group users • Apply group policies • Least privilege access • Be granular • Use roles for instances and functions • Avoid using API keys in code
  • 12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS IAM Hierarchy of Privileges AWS Account Owner (Root) AWS IAM User Temporary Security Credentials Permissions Example Unrestricted access to all enabled services and resources. Action: * Effect: Allow Resource: * (implicit) Access restricted by Group and User policies Action: [‘s3:*’,’sts:Get*’] Effect: Allow Resource: * Access restricted by generating identity and further by policies used to generate token Action: [ ‘s3:Get*’ ] Effect: Allow Resource: ‘arn:aws:s3:::mybucket/*’ Enforce principle of least privilege with Identity and Access Management (IAM) users, groups, and policies and temporary credentials.
  • 13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Protecting AWS credentials • Establish Least-privileged Users • Enable MFA on the root account • Consider federation • Set a password policy • MFA for users and/or certain operations (s3 delete) • Avoid storing API Keys in source control • Use temporary credentials via STS
  • 14. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Fine grained access control • Establish least privilege principle • Define clear roles for users and roles • Use AWS organizations to centrally manage access
  • 15. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Common Use Cases Manage user access to AWS accounts and resources • Developers signing in to the AWS Command Line Interface (AWS CLI) or AWS Management Console • Allow access to billing for accounts • Enable User access to RDS!
  • 17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Identity Authentication For Users Authentication: How do we know you are who you say you are? AWS Management Console API access Login with Username/Password with optional MFA (recommended) Access API using Access Key + Secret Key, with optional MFA ACCESS KEY ID Ex: AKIAIOSFODNN7EXAMPLE SECRET KEY Ex: UtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY For time-limited access: Call the AWS Security Token Service (STS) to get a temporary AccessKey + SecretKey + session token For time-limited access: a Signed URL can provide temporary access to the Console
  • 18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Enabling YubiKey on your account https://digilution.io/posts/yubikey-and-aws-iam/
  • 19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Identity and Access Management (IAM) Securely control access to AWS services and resources for your users. Username/ User Manage groups of users Centralized Access Control • Password for console access. • Policies for controlling access AWS APIs. • Two methods to sign API calls: • X.509 certificate • Access/Secret Keys • Multi-factor Authentication (MFA) Optional Configurations:
  • 20. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 21. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Common Use Cases Manage application access to data and resources • Applications running on Amazon EC2 instances or containers that need access to data in Amazon S3
  • 23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T IAM Roles { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1550838175355", "Action": "es:*", "Effect": "Allow", "Resource": "arn:aws:es:eu-west-1:210111111333421:domain/logs/*" } ] }
  • 24. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Same Principles • Apply Least Privileged • Get Granular
  • 25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Resources AWS IAM - https://aws.amazon.com/iam/ AWS STS - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html AWS Organizations - https://aws.amazon.com/organizations/
  • 26. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ric Harvey Startup Solutions Architect / Technical Developer Evangelist Amazon Web Services rjh@amazon.com @ric__harvey https://gitlab.com/ric_harvey/
  • 27. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.