A talk I gave at the Leeds AWS Meetup (01/11/2017) exploring how Sky Betting and Gaming manage secure access to AWS in an ever-increasing threat environment.
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment?
2. How do you manage secure access to AWS in an ever-increasing threat environment?
3. Dear AWS Customer,
Your security is important to us. We recently became aware that your AWS Access Key (ending with 3KFA) along with your Secret Key are publicly available on github.com. This poses a security risk to you, could lead to excessive charges from unauthorized activity or abuse, and violates the AWS Customer Agreement.
24. Services: AWS APIs
The AWS Security Token Service (STS) enables temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).
Single sign-on (SSO) to the console.
To support SSO, AWS lets you call a federation endpoint
(https://signin.aws.amazon.com/federation) and pass temporary security credentials.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
🏆
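The STS-to-console flow the slide describes, as an added example (not the talk's own code): assume a role for short-lived credentials, exchange them at the federation endpoint for a SigninToken, then build the console login URL. The role ARN, issuer and credential values are placeholders.

```python
"""STS temporary credentials -> console sign-in URL via the federation endpoint.
Added example, not from the talk; role ARN, issuer and credentials are placeholders."""
import json
import urllib.parse
import urllib.request

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"


def assume_role_credentials(role_arn, session_name, duration_seconds=900):
    """Step 1: short-lived credentials from STS (needs boto3 and AWS access)."""
    import boto3  # imported here so the URL builders below run without it
    resp = boto3.client("sts").assume_role(
        RoleArn=role_arn, RoleSessionName=session_name, DurationSeconds=duration_seconds)
    return resp["Credentials"]


def signin_token_request_url(creds, duration_seconds=900):
    """Step 2: URL for Action=getSigninToken. Session is a JSON document of the
    temporary credentials; SessionDuration (900-43200 s) caps the console session
    and is honoured for AssumeRole credentials only."""
    if not 900 <= duration_seconds <= 43200:
        raise ValueError("SessionDuration must be 900..43200 seconds")
    session = json.dumps({"sessionId": creds["AccessKeyId"],
                          "sessionKey": creds["SecretAccessKey"],
                          "sessionToken": creds["SessionToken"]})
    query = urllib.parse.urlencode({"Action": "getSigninToken",
                                    "SessionDuration": str(duration_seconds),
                                    "Session": session})
    return f"{FEDERATION_ENDPOINT}?{query}"


def fetch_signin_token(creds, duration_seconds=900):
    """Network call: the endpoint answers {"SigninToken": "..."}."""
    with urllib.request.urlopen(signin_token_request_url(creds, duration_seconds)) as resp:
        return json.loads(resp.read().decode())["SigninToken"]


def console_login_url(signin_token, issuer, destination="https://console.aws.amazon.com/"):
    """Step 3: the URL the user opens; no long-lived IAM user key is ever handed out."""
    query = urllib.parse.urlencode({"Action": "login", "Issuer": issuer,
                                    "Destination": destination, "SigninToken": signin_token})
    return f"{FEDERATION_ENDPOINT}?{query}"


if __name__ == "__main__":
    creds = assume_role_credentials("arn:aws:iam::123456789012:role/ConsoleReadOnly", "alice")
    print(console_login_url(fetch_signin_token(creds), issuer="sso.example.internal"))
```

The session TTL is bounded twice: by DurationSeconds on the AssumeRole call and by SessionDuration on the federation request, which is what makes the "short lived TTL" in the wrap-up enforceable.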
25. Wrap up
✅ Joiner/movers/leavers
✅ Short lived TTL
✅ Fine grain policy
✅ Quick & easy
✅ Compliance
✅ Audit
✅ Controls
Edge cases for IAM creds…
Like what you heard? AWS Blog post coming soon! 😀
As IT professionals we don’t want our names in the papers for the wrong reasons.
Easy mistakes to make.
AWS at least are looking out for you.
But it’s only a matter of time when using IAM User credentials.
More of a problem when you're policing a large number of AWS accounts. We have 40+ for example.
That sets the scene.
Who I am.
Find me on twitter
We chose AWS for good reasons. We can go fast, build stuff and pay for it only when we need it.
We also want to do it in a secure way.
Developers want to do things quickly and don’t want security in the way.
All your build tools are delivered by container
We still control the version and any configuration
You pick and choose what you need. Hence composable.