SlideShare a Scribd company logo

Managing users and aws accounts

Aleksandr Maklakov
Aleksandr Maklakov

How to manage AWS accounts and IAM users.

Technology
1 of 17
Download to read offline
Managing users and AWS accounts Aleksandr Maklakov – maklaud@zeoalliance.com
Agenda • Managing AWS account • Managing IAM users • Security Best Practices • Solutions • Questions
Managing AWS accounts • У кого от 1 до 3 AWS аккаунтов ? • У кого от 3 до 10 AWS аккаунтов ? • У кого больше 10 AWS аккаунтов ?
Managing AWS accounts • Why and When to Create Multiple Accounts?
Managing AWS accounts • isolation between workloads/departments • isolation between projects • minimize blast radius • optimize costs • environmental lifecycle accounts • centralize logging account • centralize publishing account
Managing IAM accounts • IAM users • Identity federation (SAML 2.0) • Directory service (LDAP)
Managing IAM accounts - Security Best Practices • Lock away your AWS account (root) access keys • Create individual IAM users • Use AWS-defined policies to assign permissions whenever possible • Use groups to assign permissions to IAM users • Grant least privilege • Configure a strong password policy for your users
Managing IAM accounts - Security Best Practices • Enable MFA for privileged users • Use roles for applications that run on Amazon EC2 instances • Delegate by using roles instead of by sharing credentials • Rotate credentials regularly • Remove unnecessary credentials • Use policy conditions for extra security • Monitor activity in your AWS account
Solutions
Solutions
Solutions
Solutions
Solutions
AWS Organizations • Centrally manage policies across multiple AWS accounts • Control access to AWS services • Automate AWS account creation and management • Consolidate billing across multiple AWS accounts
Our solution
Our solution + • single account, MFA, password policy to manage • native UX with AWS CLI and web console • different cost-centers • individual accounts for scripts • delegating/splitting user management - • some troubles with 3rd party tools • short STS session (1 hour)
The End • Questions ? • Comments ? • Feedback

Recommended

Wrangling Multiple AWS Accounts with AWS Organizations
Wrangling Multiple AWS Accounts with AWS OrganizationsWrangling Multiple AWS Accounts with AWS Organizations
Wrangling Multiple AWS Accounts with AWS Organizations
Amazon Web Services
 
Iam presentation
Iam presentationIam presentation
Iam presentation
AWS UG PK
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
Amazon Web Services
 
Windsor AWS UG Deep Dive - AWS Organizations
Windsor AWS UG Deep Dive - AWS OrganizationsWindsor AWS UG Deep Dive - AWS Organizations
Windsor AWS UG Deep Dive - AWS Organizations
Goran Karmisevic
 
Introduction to IAM + Best Practices
Introduction to IAM + Best PracticesIntroduction to IAM + Best Practices
Introduction to IAM + Best Practices
Amazon Web Services
 
Data Encryption - Azure Storage Service
Data Encryption - Azure Storage ServiceData Encryption - Azure Storage Service
Data Encryption - Azure Storage Service
Udaiappa Ramachandran
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
Cross-Account Delegation in AWS
Cross-Account Delegation in AWSCross-Account Delegation in AWS
Cross-Account Delegation in AWS
James Wing
 

Recommended

Wrangling Multiple AWS Accounts with AWS Organizations
Wrangling Multiple AWS Accounts with AWS OrganizationsWrangling Multiple AWS Accounts with AWS Organizations
Wrangling Multiple AWS Accounts with AWS Organizations
Amazon Web Services
 
Iam presentation
Iam presentationIam presentation
Iam presentation
AWS UG PK
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
Amazon Web Services
 
Windsor AWS UG Deep Dive - AWS Organizations
Windsor AWS UG Deep Dive - AWS OrganizationsWindsor AWS UG Deep Dive - AWS Organizations
Windsor AWS UG Deep Dive - AWS Organizations
Goran Karmisevic
 
Introduction to IAM + Best Practices
Introduction to IAM + Best PracticesIntroduction to IAM + Best Practices
Introduction to IAM + Best Practices
Amazon Web Services
 
Data Encryption - Azure Storage Service
Data Encryption - Azure Storage ServiceData Encryption - Azure Storage Service
Data Encryption - Azure Storage Service
Udaiappa Ramachandran
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
Cross-Account Delegation in AWS
Cross-Account Delegation in AWSCross-Account Delegation in AWS
Cross-Account Delegation in AWS
James Wing
 
AWS deployment and management Services
AWS deployment and management ServicesAWS deployment and management Services
AWS deployment and management Services
Nagesh Ramamoorthy
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
Federation
FederationFederation
Federation
Amazon Web Services
 
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB201901_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
Kumton Suttiraksiri
 
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM
Amazon Web Services
 
Azure signalr service
Azure signalr serviceAzure signalr service
Azure signalr service
Udaiappa Ramachandran
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active Directory
Thurupathan Vijayakumar
 
AWS Training Tutorial for Freshers
AWS Training Tutorial for FreshersAWS Training Tutorial for Freshers
AWS Training Tutorial for Freshers
rajkamaltibacademy
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
Amazon Web Services
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)
Amazon Web Services
 
Aws
AwsAws
Aws
Janu Jahnavi
 
Introduction of AWS KMS
Introduction of AWS KMSIntroduction of AWS KMS
Introduction of AWS KMS
Ricardo Schmidt
 
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS EncryptionAWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
Amazon Web Services
 
Certification in Microsoft Azure
Certification in Microsoft AzureCertification in Microsoft Azure
Certification in Microsoft Azure
Daniel Toomey
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Amazon Web Services
 
Securing Your Data in AWS
Securing Your Data in AWSSecuring Your Data in AWS
Securing Your Data in AWS
Amazon Web Services
 
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
AWS Germany
 
Managing Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web ServicesManaging Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web Services
Amazon Web Services
 
48. Azure Active Directory - Part 1
48. Azure Active Directory - Part 148. Azure Active Directory - Part 1
48. Azure Active Directory - Part 1
Shawn Ismail
 
AWS Introduction and History
AWS Introduction and HistoryAWS Introduction and History
AWS Introduction and History
Nagesh Ramamoorthy
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
Сучасні цільові атаки
Сучасні цільові атакиСучасні цільові атаки
Сучасні цільові атаки
Vladyslav Radetsky
 

More Related Content

What's hot

AWS deployment and management Services
AWS deployment and management ServicesAWS deployment and management Services
AWS deployment and management Services
Nagesh Ramamoorthy
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
Federation
FederationFederation
Federation
Amazon Web Services
 
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB201901_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
Kumton Suttiraksiri
 
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM
Amazon Web Services
 
Azure signalr service
Azure signalr serviceAzure signalr service
Azure signalr service
Udaiappa Ramachandran
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active Directory
Thurupathan Vijayakumar
 
AWS Training Tutorial for Freshers
AWS Training Tutorial for FreshersAWS Training Tutorial for Freshers
AWS Training Tutorial for Freshers
rajkamaltibacademy
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
Amazon Web Services
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)
Amazon Web Services
 
Aws
AwsAws
Aws
Janu Jahnavi
 
Introduction of AWS KMS
Introduction of AWS KMSIntroduction of AWS KMS
Introduction of AWS KMS
Ricardo Schmidt
 
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS EncryptionAWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
Amazon Web Services
 
Certification in Microsoft Azure
Certification in Microsoft AzureCertification in Microsoft Azure
Certification in Microsoft Azure
Daniel Toomey
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Amazon Web Services
 
Securing Your Data in AWS
Securing Your Data in AWSSecuring Your Data in AWS
Securing Your Data in AWS
Amazon Web Services
 
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
AWS Germany
 
Managing Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web ServicesManaging Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web Services
Amazon Web Services
 
48. Azure Active Directory - Part 1
48. Azure Active Directory - Part 148. Azure Active Directory - Part 1
48. Azure Active Directory - Part 1
Shawn Ismail
 
AWS Introduction and History
AWS Introduction and HistoryAWS Introduction and History
AWS Introduction and History
Nagesh Ramamoorthy
 

What's hot (20)

AWS deployment and management Services
AWS deployment and management ServicesAWS deployment and management Services
AWS deployment and management Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Federation
FederationFederation
Federation
 
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB201901_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019
 
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM
 
Azure signalr service
Azure signalr serviceAzure signalr service
Azure signalr service
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active Directory
 
AWS Training Tutorial for Freshers
AWS Training Tutorial for FreshersAWS Training Tutorial for Freshers
AWS Training Tutorial for Freshers
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)
 
Aws
AwsAws
Aws
 
Introduction of AWS KMS
Introduction of AWS KMSIntroduction of AWS KMS
Introduction of AWS KMS
 
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS EncryptionAWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption
 
Certification in Microsoft Azure
Certification in Microsoft AzureCertification in Microsoft Azure
Certification in Microsoft Azure
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
 
Securing Your Data in AWS
Securing Your Data in AWSSecuring Your Data in AWS
Securing Your Data in AWS
 
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
 
Managing Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web ServicesManaging Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web Services
 
48. Azure Active Directory - Part 1
48. Azure Active Directory - Part 148. Azure Active Directory - Part 1
48. Azure Active Directory - Part 1
 
AWS Introduction and History
AWS Introduction and HistoryAWS Introduction and History
AWS Introduction and History
 

Viewers also liked

How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
Сучасні цільові атаки
Сучасні цільові атакиСучасні цільові атаки
Сучасні цільові атаки
Vladyslav Radetsky
 
Palo Alto Traps - тестирование на реальных семплах
Palo Alto Traps - тестирование на реальных семплахPalo Alto Traps - тестирование на реальных семплах
Palo Alto Traps - тестирование на реальных семплах
Vladyslav Radetsky
 
Anatomy of the modern application stack
Anatomy of the modern application stackAnatomy of the modern application stack
Anatomy of the modern application stack
Boyan Dimitrov
 
McAfee Endpoint Security 10.1
McAfee Endpoint Security 10.1McAfee Endpoint Security 10.1
McAfee Endpoint Security 10.1
Vladyslav Radetsky
 
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
Vladyslav Radetsky
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Amazon Web Services
 
AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)
AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)
AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)
Amazon Web Services
 
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
Amazon Web Services
 
Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013
Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013
Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013
Amazon Web Services
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Amazon Web Services
 
AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)
AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)
AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)
Amazon Web Services
 
(BDT310) Big Data Architectural Patterns and Best Practices on AWS
(BDT310) Big Data Architectural Patterns and Best Practices on AWS(BDT310) Big Data Architectural Patterns and Best Practices on AWS
(BDT310) Big Data Architectural Patterns and Best Practices on AWS
Amazon Web Services
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
Amazon Web Services
 

Viewers also liked (14)

How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 
Сучасні цільові атаки
Сучасні цільові атакиСучасні цільові атаки
Сучасні цільові атаки
 
Palo Alto Traps - тестирование на реальных семплах
Palo Alto Traps - тестирование на реальных семплахPalo Alto Traps - тестирование на реальных семплах
Palo Alto Traps - тестирование на реальных семплах
 
Anatomy of the modern application stack
Anatomy of the modern application stackAnatomy of the modern application stack
Anatomy of the modern application stack
 
McAfee Endpoint Security 10.1
McAfee Endpoint Security 10.1McAfee Endpoint Security 10.1
McAfee Endpoint Security 10.1
 
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
Атаки на критичну інфраструктуру України. Висновки. Рекомендації.
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
 
AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)
AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)
AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301)
 
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
 
Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013
Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013
Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
 
AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)
AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)
AWS re:Invent 2016: Elastic Load Balancing Deep Dive and Best Practices (NET403)
 
(BDT310) Big Data Architectural Patterns and Best Practices on AWS
(BDT310) Big Data Architectural Patterns and Best Practices on AWS(BDT310) Big Data Architectural Patterns and Best Practices on AWS
(BDT310) Big Data Architectural Patterns and Best Practices on AWS
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
 

Similar to Managing users and aws accounts

Controlling Access to your Resources
Controlling Access to your ResourcesControlling Access to your Resources
Controlling Access to your Resources
Amazon Web Services
 
Aws security best practices
Aws security best practicesAws security best practices
Aws security best practices
Sundeep Roxx
 
AWS Intro
AWS IntroAWS Intro
AWS Intro
HernnCSaltiel
 
AWS-IAM-intro-2016-08-03.pptx
AWS-IAM-intro-2016-08-03.pptxAWS-IAM-intro-2016-08-03.pptx
AWS-IAM-intro-2016-08-03.pptx
Bima Ariateja
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Amazon Web Services
 
ENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New LaunchesENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New Launches
Amazon Web Services
 
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
Amazon Web Services
 
Cloudifying your Security Operations on AWS
Cloudifying your Security Operations on AWSCloudifying your Security Operations on AWS
Cloudifying your Security Operations on AWS
CloudHesive
 
Using AWS Organizations to Ensure Compliance in Your Cloud
Using AWS Organizations to Ensure Compliance in Your CloudUsing AWS Organizations to Ensure Compliance in Your Cloud
Using AWS Organizations to Ensure Compliance in Your Cloud
Amazon Web Services
 
AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview
Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
Amazon Web Services
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)
Julien SIMON
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017
Amazon Web Services
 
Aws tutorial
Aws tutorialAws tutorial
Aws tutorial
karthik kumar
 
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
Amazon Web Services
 
Webinar: Securely Configuring and Mining AWS CloudTrail
Webinar: Securely Configuring and Mining AWS CloudTrailWebinar: Securely Configuring and Mining AWS CloudTrail
Webinar: Securely Configuring and Mining AWS CloudTrail
Aaron Klein
 
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
Amazon Web Services
 
Aws slides
Aws slidesAws slides
Aws slides
princesly
 
Aws slides
Aws slidesAws slides
Aws slides
Vinay Gali
 

Similar to Managing users and aws accounts (20)

Controlling Access to your Resources
Controlling Access to your ResourcesControlling Access to your Resources
Controlling Access to your Resources
 
Aws security best practices
Aws security best practicesAws security best practices
Aws security best practices
 
AWS Intro
AWS IntroAWS Intro
AWS Intro
 
AWS-IAM-intro-2016-08-03.pptx
AWS-IAM-intro-2016-08-03.pptxAWS-IAM-intro-2016-08-03.pptx
AWS-IAM-intro-2016-08-03.pptx
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
 
ENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New LaunchesENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New Launches
 
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
 
Cloudifying your Security Operations on AWS
Cloudifying your Security Operations on AWSCloudifying your Security Operations on AWS
Cloudifying your Security Operations on AWS
 
AWS Security
AWS Security AWS Security
AWS Security
 
Using AWS Organizations to Ensure Compliance in Your Cloud
Using AWS Organizations to Ensure Compliance in Your CloudUsing AWS Organizations to Ensure Compliance in Your Cloud
Using AWS Organizations to Ensure Compliance in Your Cloud
 
AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017
 
Aws tutorial
Aws tutorialAws tutorial
Aws tutorial
 
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
AWS re:Invent 2016: NEW SERVICE: Centrally Manage Multiple AWS Accounts with ...
 
Webinar: Securely Configuring and Mining AWS CloudTrail
Webinar: Securely Configuring and Mining AWS CloudTrailWebinar: Securely Configuring and Mining AWS CloudTrail
Webinar: Securely Configuring and Mining AWS CloudTrail
 
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
AWS re:Invent 2016: Running Lean Architectures: How to Optimize for Cost Effi...
 
Aws slides
Aws slidesAws slides
Aws slides
 
Aws slides
Aws slidesAws slides
Aws slides
 

More from Aleksandr Maklakov

GraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaGraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS Lambda
Aleksandr Maklakov
 
AWS Certification from scratch
AWS Certification from scratchAWS Certification from scratch
AWS Certification from scratch
Aleksandr Maklakov
 
Chronicle of ReInvent 2019
Chronicle of ReInvent 2019Chronicle of ReInvent 2019
Chronicle of ReInvent 2019
Aleksandr Maklakov
 
How to stop dreaming about security and start implementing
How to stop dreaming about security and start implementingHow to stop dreaming about security and start implementing
How to stop dreaming about security and start implementing
Aleksandr Maklakov
 
Secure perimeter with AWS workspaces
Secure perimeter with AWS workspacesSecure perimeter with AWS workspaces
Secure perimeter with AWS workspaces
Aleksandr Maklakov
 
Going Serverless on AWS
Going Serverless on AWSGoing Serverless on AWS
Going Serverless on AWS
Aleksandr Maklakov
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
Aleksandr Maklakov
 
AWS Container services
AWS Container servicesAWS Container services
AWS Container services
Aleksandr Maklakov
 
How to implement DevSecOps on AWS for startups
How to implement DevSecOps on AWS for startupsHow to implement DevSecOps on AWS for startups
How to implement DevSecOps on AWS for startups
Aleksandr Maklakov
 
AWS CloudFront
AWS CloudFrontAWS CloudFront
AWS CloudFront
Aleksandr Maklakov
 
HOW TO DRONE.IO IN CI/CD WORLD
HOW TO DRONE.IO IN CI/CD WORLDHOW TO DRONE.IO IN CI/CD WORLD
HOW TO DRONE.IO IN CI/CD WORLD
Aleksandr Maklakov
 
Amazon EC2 container service
Amazon EC2 container serviceAmazon EC2 container service
Amazon EC2 container service
Aleksandr Maklakov
 
Continuous operations in AWS
Continuous operations in AWSContinuous operations in AWS
Continuous operations in AWS
Aleksandr Maklakov
 
Architecture of NoSQL distributed clusters on AWS
Architecture of NoSQL distributed clusters on AWSArchitecture of NoSQL distributed clusters on AWS
Architecture of NoSQL distributed clusters on AWS
Aleksandr Maklakov
 

More from Aleksandr Maklakov (14)

GraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaGraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS Lambda
 
AWS Certification from scratch
AWS Certification from scratchAWS Certification from scratch
AWS Certification from scratch
 
Chronicle of ReInvent 2019
Chronicle of ReInvent 2019Chronicle of ReInvent 2019
Chronicle of ReInvent 2019
 
How to stop dreaming about security and start implementing
How to stop dreaming about security and start implementingHow to stop dreaming about security and start implementing
How to stop dreaming about security and start implementing
 
Secure perimeter with AWS workspaces
Secure perimeter with AWS workspacesSecure perimeter with AWS workspaces
Secure perimeter with AWS workspaces
 
Going Serverless on AWS
Going Serverless on AWSGoing Serverless on AWS
Going Serverless on AWS
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
AWS Container services
AWS Container servicesAWS Container services
AWS Container services
 
How to implement DevSecOps on AWS for startups
How to implement DevSecOps on AWS for startupsHow to implement DevSecOps on AWS for startups
How to implement DevSecOps on AWS for startups
 
AWS CloudFront
AWS CloudFrontAWS CloudFront
AWS CloudFront
 
HOW TO DRONE.IO IN CI/CD WORLD
HOW TO DRONE.IO IN CI/CD WORLDHOW TO DRONE.IO IN CI/CD WORLD
HOW TO DRONE.IO IN CI/CD WORLD
 
Amazon EC2 container service
Amazon EC2 container serviceAmazon EC2 container service
Amazon EC2 container service
 
Continuous operations in AWS
Continuous operations in AWSContinuous operations in AWS
Continuous operations in AWS
 
Architecture of NoSQL distributed clusters on AWS
Architecture of NoSQL distributed clusters on AWSArchitecture of NoSQL distributed clusters on AWS
Architecture of NoSQL distributed clusters on AWS
 

Recently uploaded

Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 

Recently uploaded (20)

Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 

Managing users and aws accounts

  • 1. Managing users and AWS accounts Aleksandr Maklakov – maklaud@zeoalliance.com
  • 2. Agenda • Managing AWS account • Managing IAM users • Security Best Practices • Solutions • Questions
  • 3. Managing AWS accounts • У кого от 1 до 3 AWS аккаунтов ? • У кого от 3 до 10 AWS аккаунтов ? • У кого больше 10 AWS аккаунтов ?
  • 4. Managing AWS accounts • Why and When to Create Multiple Accounts?
  • 5. Managing AWS accounts • isolation between workloads/departments • isolation between projects • minimize blast radius • optimize costs • environmental lifecycle accounts • centralize logging account • centralize publishing account
  • 6. Managing IAM accounts • IAM users • Identity federation (SAML 2.0) • Directory service (LDAP)
  • 7. Managing IAM accounts - Security Best Practices • Lock away your AWS account (root) access keys • Create individual IAM users • Use AWS-defined policies to assign permissions whenever possible • Use groups to assign permissions to IAM users • Grant least privilege • Configure a strong password policy for your users
  • 8. Managing IAM accounts - Security Best Practices • Enable MFA for privileged users • Use roles for applications that run on Amazon EC2 instances • Delegate by using roles instead of by sharing credentials • Rotate credentials regularly • Remove unnecessary credentials • Use policy conditions for extra security • Monitor activity in your AWS account
  • 14. AWS Organizations • Centrally manage policies across multiple AWS accounts • Control access to AWS services • Automate AWS account creation and management • Consolidate billing across multiple AWS accounts
  • 16. Our solution + • single account, MFA, password policy to manage • native UX with AWS CLI and web console • different cost-centers • individual accounts for scripts • delegating/splitting user management - • some troubles with 3rd party tools • short STS session (1 hour)
  • 17. The End • Questions ? • Comments ? • Feedback