SlideShare uma empresa Scribd logo

SEC303 Top 10 AWS Identity and Access Management Best Practices - AWS re:Invent 2012

Amazon Web Services
Amazon Web Services

The document provides an overview of 10 best practices for AWS Identity and Access Management (IAM). It discusses creating individual users and managing permissions with groups. It also covers granting least privilege, configuring strong password policies, enabling multi-factor authentication for privileged users, using IAM roles for EC2 instances and sharing access. Additional best practices include rotating security credentials regularly, restricting access with conditions, and reducing reliance on root users. The document is copyrighted material from Amazon.

1 de 43
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
1. Users Create individual users © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps • Unique credentials • Individual credential rotation • Individual permissions © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
2. Groups Manage permissions with groups © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps • Easier to assign the same permissions to multiple users • Simpler to re-assign permissions based on change in responsibilities • Only one change to update permissions for multiple users © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
3. Permissions Grant least privilege © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps • More granular control • Less chance of people making mistakes • Easier to relax than to tighten up © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
4. Passwords Configure a strong password policy © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps • Ensures your users and your data are protected © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
5. MFA Enable MFA for privileged users © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps • Supplements username and password to require a one- time code during authentication © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
6. Roles Use IAM roles for EC2 instances © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps • Easy to manage access keys on EC2 instances • Automatic key rotation • Assign least privilege to the application • AWS SDKs fully integrated © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
7. Sharing Use IAM roles to share access © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps • No need to security credentials • Easy to break sharing relationship • Use cases © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
prod@example.com Permissions assigned to ddb-role dev@example.com Acct ID: 111122223333 Acct ID: 123456789012 { "Statement": [ Authenticate with STS { Jeff access keys "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", ddb-role "dynamodb:Scan", Get temporary IAM user: Jeff security credentials "dynamodb:DescribeTable", for ddb-role "dynamodb:ListTables" ], Permissions assigned to Jeff granting him permission "Effect": "Allow", to assume ddb-role in account B "Resource": "*" Call AWS APIs }]} { "Statement": [ { using temporary "Effect": "Allow", security credentials "Action": "sts:AssumeRole", of ddb-role { "Statement": [ "Resource": { "arn:aws:iam::111122223333:role/ddb-role" "Effect":"Allow", }]} "Principal":{"AWS":"123456789012"}, "Action":"sts:AssumeRole" }]} ddb-role trusts IAM users from the AWS account dev@example.com (123456789012) © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
8. Rotation Rotate security credentials regularly © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
(enable password rotation sample policy) Password { "Statement": [{ "Effect": "Allow", "Action": "iam:ChangePassword", Enforcing a password policy will "Resource": automatically enable IAM users to "arn:aws:iam::123456789012:user/anders" manage their password } ]} © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
(enable access key rotation sample policy) Access Keys Steps to rotate access keys { "Statement": [{ "Effect": "Allow", "Action": [ "iam:CreateAccessKey", "iam:DeleteAccessKey", "iam:ListAccessKeys", "iam:UpdateAccessKey"], "Resource": "arn:aws:iam::123456789012:user/anders" } ]} © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
9. Conditions Restrict privileged access further with conditions © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps • Additional granularity when defining permissions • Can be enabled for any AWS service API • Minimizes accidentally performing privileged actions © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
{ { "Statement":[{ "Statement":[{ "Effect":"Deny", "Effect":"Allow", "Action":["ec2:TerminateInstances"], MFA "Resource":["*"], "Condition":{ “SSL” "Action":"iam:*AccessKey*", "Resource”:"arn:aws:iam::123456789012:user/*", "Condition":{ "Null":{"aws:MultiFactorAuthAge":"true"} "Bool":{“aws:SecureTransport":"true"}, }}]} }}]} Enables a user to terminate EC2 instances only if the user has Enables a user to manage access keys for all IAM users only if authenticated with their MFA device. the user is coming over SSL. { "Statement":[{ "Effect":"Allow", "Action":["ec2:TerminateInstances“], SourceIP "Resource":["*“], "Condition":{ "IpAddress":{"aws:SourceIP":"192.168.176.0/24"} }}]} Enables a user to terminate EC2 instances only if the user is accessing EC2 from the 192.168.176.0/24 address range. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
10. Root Reduce/remove use of root © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Benefits How to steps © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
1. Users – Create individual users 2. Groups – Manage permissions with groups 3. Permissions – Grant least privilege 4. Password – Configure a strong password policy 5. MFA – Enable MFA for privileged users 6. Roles – Use IAM roles for EC2 instances 7. Sharing – Use IAM roles to share access 8. Rotate – Rotate security credentials regularly 9. Conditions – Restrict privileged access further with conditions 0. Root – Reduce/remove use of root © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Code Session Time SEC101 A Guided Tour of AWS Identity and Access Management Wednesday 11/28 2.05pm SEC302 Delegating Access to Your AWS Environment Wednesday 11/28 3.25pm SEC303 TOP 10 IAM Best Practices Thursday 11/29 3pm • Learn more from our detail page http://aws.amazon.com/iam • AWS forum where we hang out https://forums.aws.amazon.com/forum.jspa?forumID=76 • Documentation http://aws.amazon.com/documentation/iam/ • Twitter - Follow us @AWSIdentity - #reinvent © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.

Recomendados

IAM Introduction
IAM IntroductionIAM Introduction
IAM IntroductionAmazon Web Services
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
In Depth: AWS IAM and VPC
In Depth: AWS IAM and VPCIn Depth: AWS IAM and VPC
In Depth: AWS IAM and VPCAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
Aws iam best practices to live by
Aws iam best practices to live byAws iam best practices to live by
Aws iam best practices to live byJohn Varghese
 
Secure Amazon EC2 Environment with AWS IAM & Resource-Based Permissions (CPN2...
Secure Amazon EC2 Environment with AWS IAM & Resource-Based Permissions (CPN2...Secure Amazon EC2 Environment with AWS IAM & Resource-Based Permissions (CPN2...
Secure Amazon EC2 Environment with AWS IAM & Resource-Based Permissions (CPN2...Amazon Web Services
 
Policy Ninja
Policy NinjaPolicy Ninja
Policy NinjaAmazon Web Services
 
AWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAdam Fokken
 

Recomendados

IAM Introduction
IAM IntroductionIAM Introduction
IAM IntroductionAmazon Web Services
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
In Depth: AWS IAM and VPC
In Depth: AWS IAM and VPCIn Depth: AWS IAM and VPC
In Depth: AWS IAM and VPCAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
Aws iam best practices to live by
Aws iam best practices to live byAws iam best practices to live by
Aws iam best practices to live byJohn Varghese
 
Secure Amazon EC2 Environment with AWS IAM & Resource-Based Permissions (CPN2...
Secure Amazon EC2 Environment with AWS IAM & Resource-Based Permissions (CPN2...Secure Amazon EC2 Environment with AWS IAM & Resource-Based Permissions (CPN2...
Secure Amazon EC2 Environment with AWS IAM & Resource-Based Permissions (CPN2...Amazon Web Services
 
Policy Ninja
Policy NinjaPolicy Ninja
Policy NinjaAmazon Web Services
 
AWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAdam Fokken
 
Windsor AWS UG Deep dive IAM 2 - no json101
Windsor AWS UG Deep dive IAM 2 - no json101Windsor AWS UG Deep dive IAM 2 - no json101
Windsor AWS UG Deep dive IAM 2 - no json101Goran Karmisevic
 
How to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSHow to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and securityErik Paulsson
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Amazon Web Services
 
AWS IAM policies in plain english
AWS IAM policies in plain english AWS IAM policies in plain english
AWS IAM policies in plain english Bogdan Naydenov
 
Federation
Federation Federation
Federation Amazon Web Services
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsBryant Poush
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM IntroductionAmazon Web Services
 
AWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAmazon Web Services
 
Amazon services iam
Amazon services iamAmazon services iam
Amazon services iamIsmaeel Enjreny
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMBrandon Wells
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAMKnoldus Inc.
 
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012Amazon Web Services
 
Build A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON APIBuild A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON APIStormpath
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionErnest Chiang
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
A guide on Aws Security Token Service
A guide on Aws Security Token ServiceA guide on Aws Security Token Service
A guide on Aws Security Token ServiceBlazeclan Technologies Private Limited
 
Aws IAM
Aws IAMAws IAM
Aws IAMChamali Liyanage
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource ManagerMichael Collier
 
AWS Summit 2013 | Singapore - Understanding Databases Options
AWS Summit 2013 | Singapore - Understanding Databases OptionsAWS Summit 2013 | Singapore - Understanding Databases Options
AWS Summit 2013 | Singapore - Understanding Databases OptionsAmazon Web Services
 
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter Kemps
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter KempsAWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter Kemps
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter KempsAmazon Web Services
 

Mais conteúdo relacionado

Mais procurados

Windsor AWS UG Deep dive IAM 2 - no json101
Windsor AWS UG Deep dive IAM 2 - no json101Windsor AWS UG Deep dive IAM 2 - no json101
Windsor AWS UG Deep dive IAM 2 - no json101Goran Karmisevic
 
How to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSHow to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSAmazon Web Services
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and securityErik Paulsson
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Amazon Web Services
 
AWS IAM policies in plain english
AWS IAM policies in plain english AWS IAM policies in plain english
AWS IAM policies in plain english Bogdan Naydenov
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsBryant Poush
 
AWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAmazon Web Services
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMBrandon Wells
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAMKnoldus Inc.
 
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012Amazon Web Services
 
Build A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON APIBuild A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON APIStormpath
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionErnest Chiang
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource ManagerMichael Collier
 

Mais procurados (20)

Windsor AWS UG Deep dive IAM 2 - no json101
Windsor AWS UG Deep dive IAM 2 - no json101Windsor AWS UG Deep dive IAM 2 - no json101
Windsor AWS UG Deep dive IAM 2 - no json101
 
How to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSHow to use IAM roles grant access to AWS
How to use IAM roles grant access to AWS
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best Practices
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and security
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)
 
AWS IAM policies in plain english
AWS IAM policies in plain english AWS IAM policies in plain english
AWS IAM policies in plain english
 
Federation
Federation Federation
Federation
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with Conditions
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
 
AWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated BillingAWS Identity and Access Management and Consolidated Billing
AWS Identity and Access Management and Consolidated Billing
 
Amazon services iam
Amazon services iamAmazon services iam
Amazon services iam
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
 
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012
SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012
 
Build A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON APIBuild A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON API
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
A guide on Aws Security Token Service
A guide on Aws Security Token ServiceA guide on Aws Security Token Service
A guide on Aws Security Token Service
 
Aws IAM
Aws IAMAws IAM
Aws IAM
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource Manager
 

Destaque

AWS Summit 2013 | Singapore - Understanding Databases Options
AWS Summit 2013 | Singapore - Understanding Databases OptionsAWS Summit 2013 | Singapore - Understanding Databases Options
AWS Summit 2013 | Singapore - Understanding Databases OptionsAmazon Web Services
 
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter Kemps
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter KempsAWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter Kemps
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter KempsAmazon Web Services
 
AWS Total Cost of Ownership Hong Kong and Taiwan
AWS Total Cost of Ownership Hong Kong and TaiwanAWS Total Cost of Ownership Hong Kong and Taiwan
AWS Total Cost of Ownership Hong Kong and TaiwanAmazon Web Services
 
Improving your Time to Market with AWS
Improving your Time to Market with AWSImproving your Time to Market with AWS
Improving your Time to Market with AWSAmazon Web Services
 
AWS Sydney Summit 2013 - Scalable Media Processing on the Cloud
AWS Sydney Summit 2013 - Scalable Media Processing on the CloudAWS Sydney Summit 2013 - Scalable Media Processing on the Cloud
AWS Sydney Summit 2013 - Scalable Media Processing on the CloudAmazon Web Services
 
AWS Customer Case Study - Tellybug
AWS Customer Case Study - TellybugAWS Customer Case Study - Tellybug
AWS Customer Case Study - TellybugAmazon Web Services
 
AWS Cloud Kata 2013 | Singapore - Building your 'Minimum Viable Product' (MVP...
AWS Cloud Kata 2013 | Singapore - Building your 'Minimum Viable Product' (MVP...AWS Cloud Kata 2013 | Singapore - Building your 'Minimum Viable Product' (MVP...
AWS Cloud Kata 2013 | Singapore - Building your 'Minimum Viable Product' (MVP...Amazon Web Services
 
AWS Webcast - Introducing Amazon Redshift
AWS Webcast - Introducing Amazon RedshiftAWS Webcast - Introducing Amazon Redshift
AWS Webcast - Introducing Amazon RedshiftAmazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: What's New with AWS
AWS 201 - A Walk through the AWS Cloud: What's New with AWSAWS 201 - A Walk through the AWS Cloud: What's New with AWS
AWS 201 - A Walk through the AWS Cloud: What's New with AWSAmazon Web Services
 
Aws webcast - Scaling on AWS 13 08-20
Aws webcast - Scaling on AWS 13 08-20Aws webcast - Scaling on AWS 13 08-20
Aws webcast - Scaling on AWS 13 08-20Amazon Web Services
 
AWS Canberra WWPS Summit 2013 - Big Data with AWS
AWS Canberra WWPS Summit 2013 - Big Data with AWSAWS Canberra WWPS Summit 2013 - Big Data with AWS
AWS Canberra WWPS Summit 2013 - Big Data with AWSAmazon Web Services
 
Journey Through the AWS Cloud; Disaster Recovery
Journey Through the AWS Cloud; Disaster Recovery Journey Through the AWS Cloud; Disaster Recovery
Journey Through the AWS Cloud; Disaster RecoveryAmazon Web Services
 
ENT302 Deploying Microsoft Exchange and SharePoint on AWS - AWS re: Invent 2012
ENT302 Deploying Microsoft Exchange and SharePoint on AWS - AWS re: Invent 2012ENT302 Deploying Microsoft Exchange and SharePoint on AWS - AWS re: Invent 2012
ENT302 Deploying Microsoft Exchange and SharePoint on AWS - AWS re: Invent 2012Amazon Web Services
 
City of Melbourne Keynote Sydney Customer Appreciation Day
City of Melbourne Keynote Sydney Customer Appreciation DayCity of Melbourne Keynote Sydney Customer Appreciation Day
City of Melbourne Keynote Sydney Customer Appreciation DayAmazon Web Services
 
AWS Enterprise Summit London 2013 - Ian Page - funkypigeon.com
AWS Enterprise Summit London 2013 - Ian Page - funkypigeon.com AWS Enterprise Summit London 2013 - Ian Page - funkypigeon.com
AWS Enterprise Summit London 2013 - Ian Page - funkypigeon.com Amazon Web Services
 
AWS Sydney Summit 2013 - Your First Week with Amazon EC2
AWS Sydney Summit 2013 - Your First Week with Amazon EC2AWS Sydney Summit 2013 - Your First Week with Amazon EC2
AWS Sydney Summit 2013 - Your First Week with Amazon EC2Amazon Web Services
 
AWS Partner Day London - June 11th 2013
AWS Partner Day London - June 11th 2013 AWS Partner Day London - June 11th 2013
AWS Partner Day London - June 11th 2013 Amazon Web Services
 
ENT205 Drinking Our Own Champagne - How Amazon uses AWS - AWS re: Invent 2012
ENT205 Drinking Our Own Champagne - How Amazon uses AWS - AWS re: Invent 2012ENT205 Drinking Our Own Champagne - How Amazon uses AWS - AWS re: Invent 2012
ENT205 Drinking Our Own Champagne - How Amazon uses AWS - AWS re: Invent 2012Amazon Web Services
 
Slide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ Anh
Slide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ AnhSlide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ Anh
Slide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ AnhLuong Trung Thanh
 

Destaque (20)

AWS Summit 2013 | Singapore - Understanding Databases Options
AWS Summit 2013 | Singapore - Understanding Databases OptionsAWS Summit 2013 | Singapore - Understanding Databases Options
AWS Summit 2013 | Singapore - Understanding Databases Options
 
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter Kemps
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter KempsAWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter Kemps
AWS Summit 2013 | India - Running Lean with Optimized Architecture, Pieter Kemps
 
AWS Total Cost of Ownership Hong Kong and Taiwan
AWS Total Cost of Ownership Hong Kong and TaiwanAWS Total Cost of Ownership Hong Kong and Taiwan
AWS Total Cost of Ownership Hong Kong and Taiwan
 
Improving your Time to Market with AWS
Improving your Time to Market with AWSImproving your Time to Market with AWS
Improving your Time to Market with AWS
 
AWS Sydney Summit 2013 - Scalable Media Processing on the Cloud
AWS Sydney Summit 2013 - Scalable Media Processing on the CloudAWS Sydney Summit 2013 - Scalable Media Processing on the Cloud
AWS Sydney Summit 2013 - Scalable Media Processing on the Cloud
 
AWS Customer Case Study - Tellybug
AWS Customer Case Study - TellybugAWS Customer Case Study - Tellybug
AWS Customer Case Study - Tellybug
 
AWS Cloud Kata 2013 | Singapore - Building your 'Minimum Viable Product' (MVP...
AWS Cloud Kata 2013 | Singapore - Building your 'Minimum Viable Product' (MVP...AWS Cloud Kata 2013 | Singapore - Building your 'Minimum Viable Product' (MVP...
AWS Cloud Kata 2013 | Singapore - Building your 'Minimum Viable Product' (MVP...
 
AWS Webcast - Introducing Amazon Redshift
AWS Webcast - Introducing Amazon RedshiftAWS Webcast - Introducing Amazon Redshift
AWS Webcast - Introducing Amazon Redshift
 
AWS 201 - A Walk through the AWS Cloud: What's New with AWS
AWS 201 - A Walk through the AWS Cloud: What's New with AWSAWS 201 - A Walk through the AWS Cloud: What's New with AWS
AWS 201 - A Walk through the AWS Cloud: What's New with AWS
 
Aws webcast - Scaling on AWS 13 08-20
Aws webcast - Scaling on AWS 13 08-20Aws webcast - Scaling on AWS 13 08-20
Aws webcast - Scaling on AWS 13 08-20
 
AWS Canberra WWPS Summit 2013 - Big Data with AWS
AWS Canberra WWPS Summit 2013 - Big Data with AWSAWS Canberra WWPS Summit 2013 - Big Data with AWS
AWS Canberra WWPS Summit 2013 - Big Data with AWS
 
Journey Through the AWS Cloud; Disaster Recovery
Journey Through the AWS Cloud; Disaster Recovery Journey Through the AWS Cloud; Disaster Recovery
Journey Through the AWS Cloud; Disaster Recovery
 
ENT302 Deploying Microsoft Exchange and SharePoint on AWS - AWS re: Invent 2012
ENT302 Deploying Microsoft Exchange and SharePoint on AWS - AWS re: Invent 2012ENT302 Deploying Microsoft Exchange and SharePoint on AWS - AWS re: Invent 2012
ENT302 Deploying Microsoft Exchange and SharePoint on AWS - AWS re: Invent 2012
 
City of Melbourne Keynote Sydney Customer Appreciation Day
City of Melbourne Keynote Sydney Customer Appreciation DayCity of Melbourne Keynote Sydney Customer Appreciation Day
City of Melbourne Keynote Sydney Customer Appreciation Day
 
AWS Enterprise Summit London 2013 - Ian Page - funkypigeon.com
AWS Enterprise Summit London 2013 - Ian Page - funkypigeon.com AWS Enterprise Summit London 2013 - Ian Page - funkypigeon.com
AWS Enterprise Summit London 2013 - Ian Page - funkypigeon.com
 
AWS Sydney Summit 2013 - Your First Week with Amazon EC2
AWS Sydney Summit 2013 - Your First Week with Amazon EC2AWS Sydney Summit 2013 - Your First Week with Amazon EC2
AWS Sydney Summit 2013 - Your First Week with Amazon EC2
 
AWS Perú Meetup - Arquitecting for HA by Raul Hugo
AWS Perú Meetup - Arquitecting for HA by Raul HugoAWS Perú Meetup - Arquitecting for HA by Raul Hugo
AWS Perú Meetup - Arquitecting for HA by Raul Hugo
 
AWS Partner Day London - June 11th 2013
AWS Partner Day London - June 11th 2013 AWS Partner Day London - June 11th 2013
AWS Partner Day London - June 11th 2013
 
ENT205 Drinking Our Own Champagne - How Amazon uses AWS - AWS re: Invent 2012
ENT205 Drinking Our Own Champagne - How Amazon uses AWS - AWS re: Invent 2012ENT205 Drinking Our Own Champagne - How Amazon uses AWS - AWS re: Invent 2012
ENT205 Drinking Our Own Champagne - How Amazon uses AWS - AWS re: Invent 2012
 
Slide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ Anh
Slide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ AnhSlide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ Anh
Slide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ Anh
 

Semelhante a SEC303 Top 10 AWS Identity and Access Management Best Practices - AWS re:Invent 2012

AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...Amazon Web Services
 
Delivering Better Search For WordPress - AWS Webcast
Delivering Better Search For WordPress - AWS WebcastDelivering Better Search For WordPress - AWS Webcast
Delivering Better Search For WordPress - AWS WebcastMichael Bohlig
 
Backup and Recovery for Linux With Amazon S3
Backup and Recovery for Linux With Amazon S3Backup and Recovery for Linux With Amazon S3
Backup and Recovery for Linux With Amazon S3Amazon Web Services
 
Building Better Search For Wikipedia: How We Did It Using Amazon CloudSearch ...
Building Better Search For Wikipedia: How We Did It Using Amazon CloudSearch ...Building Better Search For Wikipedia: How We Did It Using Amazon CloudSearch ...
Building Better Search For Wikipedia: How We Did It Using Amazon CloudSearch ...Amazon Web Services
 
AWS Webcast - Using Amazon CloudFront-Accelerate Your Static, Dynamic, Intera...
AWS Webcast - Using Amazon CloudFront-Accelerate Your Static, Dynamic, Intera...AWS Webcast - Using Amazon CloudFront-Accelerate Your Static, Dynamic, Intera...
AWS Webcast - Using Amazon CloudFront-Accelerate Your Static, Dynamic, Intera...Amazon Web Services
 
CIS13: AWS Identity and Access Management
CIS13: AWS Identity and Access ManagementCIS13: AWS Identity and Access Management
CIS13: AWS Identity and Access ManagementCloudIDSummit
 
AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17Amazon Web Services
 
Disaster Recovery with AWS - Simone Brunozzi - AWS Summit 2012 Australia -
Disaster Recovery with AWS - Simone Brunozzi - AWS Summit 2012 Australia - Disaster Recovery with AWS - Simone Brunozzi - AWS Summit 2012 Australia -
Disaster Recovery with AWS - Simone Brunozzi - AWS Summit 2012 Australia - Amazon Web Services
 
Architecting Security & Governance across Your AWS Landing Zone - SEC301 - An...
Architecting Security & Governance across Your AWS Landing Zone - SEC301 - An...Architecting Security & Governance across Your AWS Landing Zone - SEC301 - An...
Architecting Security & Governance across Your AWS Landing Zone - SEC301 - An...Amazon Web Services
 
DynamoDB and Amazon Cloudsearch
DynamoDB and Amazon CloudsearchDynamoDB and Amazon Cloudsearch
DynamoDB and Amazon CloudsearchMichael Bohlig
 
Meetup - Using CloudSearch with DynamoDB
Meetup - Using CloudSearch with DynamoDBMeetup - Using CloudSearch with DynamoDB
Meetup - Using CloudSearch with DynamoDBAmazon Web Services
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...Amazon Web Services
 
AWS Webcast - Using JW Player and Amazon CloudFront to Stream HLS Video
AWS Webcast - Using JW Player and Amazon CloudFront to Stream HLS VideoAWS Webcast - Using JW Player and Amazon CloudFront to Stream HLS Video
AWS Webcast - Using JW Player and Amazon CloudFront to Stream HLS VideoAmazon Web Services
 
ENT203 Integrating On-Premise Resources - AWS re: Invent 2012
ENT203 Integrating On-Premise Resources - AWS re: Invent 2012ENT203 Integrating On-Premise Resources - AWS re: Invent 2012
ENT203 Integrating On-Premise Resources - AWS re: Invent 2012Amazon Web Services
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
 
How to truly delegate within an account with permission boundaries - SEC301 -...
How to truly delegate within an account with permission boundaries - SEC301 -...How to truly delegate within an account with permission boundaries - SEC301 -...
How to truly delegate within an account with permission boundaries - SEC301 -...Amazon Web Services
 
The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks
The Evolution of Identity and Access Management on AWS - AWS Online Tech TalksThe Evolution of Identity and Access Management on AWS - AWS Online Tech Talks
The Evolution of Identity and Access Management on AWS - AWS Online Tech TalksAmazon Web Services
 

Semelhante a SEC303 Top 10 AWS Identity and Access Management Best Practices - AWS re:Invent 2012 (20)

AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
 
Hadoop on the Cloud
Hadoop on the CloudHadoop on the Cloud
Hadoop on the Cloud
 
Delivering Better Search For WordPress - AWS Webcast
Delivering Better Search For WordPress - AWS WebcastDelivering Better Search For WordPress - AWS Webcast
Delivering Better Search For WordPress - AWS Webcast
 
Backup and Recovery for Linux With Amazon S3
Backup and Recovery for Linux With Amazon S3Backup and Recovery for Linux With Amazon S3
Backup and Recovery for Linux With Amazon S3
 
Building Better Search For Wikipedia: How We Did It Using Amazon CloudSearch ...
Building Better Search For Wikipedia: How We Did It Using Amazon CloudSearch ...Building Better Search For Wikipedia: How We Did It Using Amazon CloudSearch ...
Building Better Search For Wikipedia: How We Did It Using Amazon CloudSearch ...
 
AWS Webcast - Using Amazon CloudFront-Accelerate Your Static, Dynamic, Intera...
AWS Webcast - Using Amazon CloudFront-Accelerate Your Static, Dynamic, Intera...AWS Webcast - Using Amazon CloudFront-Accelerate Your Static, Dynamic, Intera...
AWS Webcast - Using Amazon CloudFront-Accelerate Your Static, Dynamic, Intera...
 
CIS13: AWS Identity and Access Management
CIS13: AWS Identity and Access ManagementCIS13: AWS Identity and Access Management
CIS13: AWS Identity and Access Management
 
AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17AWS Webinar - Intro to Amazon Cloudfront 13-09-17
AWS Webinar - Intro to Amazon Cloudfront 13-09-17
 
Disaster Recovery with AWS - Simone Brunozzi - AWS Summit 2012 Australia -
Disaster Recovery with AWS - Simone Brunozzi - AWS Summit 2012 Australia - Disaster Recovery with AWS - Simone Brunozzi - AWS Summit 2012 Australia -
Disaster Recovery with AWS - Simone Brunozzi - AWS Summit 2012 Australia -
 
Architecting Security & Governance across Your AWS Landing Zone - SEC301 - An...
Architecting Security & Governance across Your AWS Landing Zone - SEC301 - An...Architecting Security & Governance across Your AWS Landing Zone - SEC301 - An...
Architecting Security & Governance across Your AWS Landing Zone - SEC301 - An...
 
DynamoDB and Amazon Cloudsearch
DynamoDB and Amazon CloudsearchDynamoDB and Amazon Cloudsearch
DynamoDB and Amazon Cloudsearch
 
Meetup - Using CloudSearch with DynamoDB
Meetup - Using CloudSearch with DynamoDBMeetup - Using CloudSearch with DynamoDB
Meetup - Using CloudSearch with DynamoDB
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
 
Become an AWS IAM Policy Ninja
Become an AWS IAM Policy NinjaBecome an AWS IAM Policy Ninja
Become an AWS IAM Policy Ninja
 
AWS Webcast - Using JW Player and Amazon CloudFront to Stream HLS Video
AWS Webcast - Using JW Player and Amazon CloudFront to Stream HLS VideoAWS Webcast - Using JW Player and Amazon CloudFront to Stream HLS Video
AWS Webcast - Using JW Player and Amazon CloudFront to Stream HLS Video
 
PILMMA - Internet Domination Boot Camp for Lawyers 2013
PILMMA - Internet Domination Boot Camp for Lawyers 2013PILMMA - Internet Domination Boot Camp for Lawyers 2013
PILMMA - Internet Domination Boot Camp for Lawyers 2013
 
ENT203 Integrating On-Premise Resources - AWS re: Invent 2012
ENT203 Integrating On-Premise Resources - AWS re: Invent 2012ENT203 Integrating On-Premise Resources - AWS re: Invent 2012
ENT203 Integrating On-Premise Resources - AWS re: Invent 2012
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
 
How to truly delegate within an account with permission boundaries - SEC301 -...
How to truly delegate within an account with permission boundaries - SEC301 -...How to truly delegate within an account with permission boundaries - SEC301 -...
How to truly delegate within an account with permission boundaries - SEC301 -...
 
The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks
The Evolution of Identity and Access Management on AWS - AWS Online Tech TalksThe Evolution of Identity and Access Management on AWS - AWS Online Tech Talks
The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

SEC303 Top 10 AWS Identity and Access Management Best Practices - AWS re:Invent 2012

  • 1.
  • 2. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 3. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 4. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 5. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 6. 1. Users Create individual users © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 7. Benefits How to steps • Unique credentials • Individual credential rotation • Individual permissions © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 8. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 9. 2. Groups Manage permissions with groups © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 10. Benefits How to steps • Easier to assign the same permissions to multiple users • Simpler to re-assign permissions based on change in responsibilities • Only one change to update permissions for multiple users © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 11. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 12. 3. Permissions Grant least privilege © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 13. Benefits How to steps • More granular control • Less chance of people making mistakes • Easier to relax than to tighten up © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 14. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 15. 4. Passwords Configure a strong password policy © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 16. Benefits How to steps • Ensures your users and your data are protected © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 17. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 18. 5. MFA Enable MFA for privileged users © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 19. Benefits How to steps • Supplements username and password to require a one- time code during authentication © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 20. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 21. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 22. 6. Roles Use IAM roles for EC2 instances © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 23. Benefits How to steps • Easy to manage access keys on EC2 instances • Automatic key rotation • Assign least privilege to the application • AWS SDKs fully integrated © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 24. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 25. 7. Sharing Use IAM roles to share access © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 26. Benefits How to steps • No need to security credentials • Easy to break sharing relationship • Use cases © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 27. prod@example.com Permissions assigned to ddb-role dev@example.com Acct ID: 111122223333 Acct ID: 123456789012 { "Statement": [ Authenticate with STS { Jeff access keys "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", ddb-role "dynamodb:Scan", Get temporary IAM user: Jeff security credentials "dynamodb:DescribeTable", for ddb-role "dynamodb:ListTables" ], Permissions assigned to Jeff granting him permission "Effect": "Allow", to assume ddb-role in account B "Resource": "*" Call AWS APIs }]} { "Statement": [ { using temporary "Effect": "Allow", security credentials "Action": "sts:AssumeRole", of ddb-role { "Statement": [ "Resource": { "arn:aws:iam::111122223333:role/ddb-role" "Effect":"Allow", }]} "Principal":{"AWS":"123456789012"}, "Action":"sts:AssumeRole" }]} ddb-role trusts IAM users from the AWS account dev@example.com (123456789012) © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 28. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 29. 8. Rotation Rotate security credentials regularly © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 30. Benefits How to steps © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 31. (enable password rotation sample policy) Password { "Statement": [{ "Effect": "Allow", "Action": "iam:ChangePassword", Enforcing a password policy will "Resource": automatically enable IAM users to "arn:aws:iam::123456789012:user/anders" manage their password } ]} © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 32. (enable access key rotation sample policy) Access Keys Steps to rotate access keys { "Statement": [{ "Effect": "Allow", "Action": [ "iam:CreateAccessKey", "iam:DeleteAccessKey", "iam:ListAccessKeys", "iam:UpdateAccessKey"], "Resource": "arn:aws:iam::123456789012:user/anders" } ]} © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 33. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 34. 9. Conditions Restrict privileged access further with conditions © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 35. Benefits How to steps • Additional granularity when defining permissions • Can be enabled for any AWS service API • Minimizes accidentally performing privileged actions © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 36. { { "Statement":[{ "Statement":[{ "Effect":"Deny", "Effect":"Allow", "Action":["ec2:TerminateInstances"], MFA "Resource":["*"], "Condition":{ “SSL” "Action":"iam:*AccessKey*", "Resource”:"arn:aws:iam::123456789012:user/*", "Condition":{ "Null":{"aws:MultiFactorAuthAge":"true"} "Bool":{“aws:SecureTransport":"true"}, }}]} }}]} Enables a user to terminate EC2 instances only if the user has Enables a user to manage access keys for all IAM users only if authenticated with their MFA device. the user is coming over SSL. { "Statement":[{ "Effect":"Allow", "Action":["ec2:TerminateInstances“], SourceIP "Resource":["*“], "Condition":{ "IpAddress":{"aws:SourceIP":"192.168.176.0/24"} }}]} Enables a user to terminate EC2 instances only if the user is accessing EC2 from the 192.168.176.0/24 address range. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 37. 10. Root Reduce/remove use of root © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 38. Benefits How to steps © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 39. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 40. 1. Users – Create individual users 2. Groups – Manage permissions with groups 3. Permissions – Grant least privilege 4. Password – Configure a strong password policy 5. MFA – Enable MFA for privileged users 6. Roles – Use IAM roles for EC2 instances 7. Sharing – Use IAM roles to share access 8. Rotate – Rotate security credentials regularly 9. Conditions – Restrict privileged access further with conditions 0. Root – Reduce/remove use of root © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 41. Code Session Time SEC101 A Guided Tour of AWS Identity and Access Management Wednesday 11/28 2.05pm SEC302 Delegating Access to Your AWS Environment Wednesday 11/28 3.25pm SEC303 TOP 10 IAM Best Practices Thursday 11/29 3pm • Learn more from our detail page http://aws.amazon.com/iam • AWS forum where we hang out https://forums.aws.amazon.com/forum.jspa?forumID=76 • Documentation http://aws.amazon.com/documentation/iam/ • Twitter - Follow us @AWSIdentity - #reinvent © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 42. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 43. We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.