Spur Productivity with Options for Identity and Access (SEC336)

Title

AWS re:Invent 2023 - Spur productivity with options for identity and access (SEC336)

Summary

  • Bridget Johnson and Karen Haberkorn, directors in AWS Identity, discuss how to navigate identity and access solutions to drive innovation and productivity within engineering teams.
  • They cover customer trends, foundational knowledge of identity and access, frameworks, and mental models for setting up AWS estates for success.
  • Attendees are given four roles to play: central security team, infrastructure access manager, application identity and access manager, and data analyst.
  • Services and features covered include IAM Access Analyzer (notably its new unused access findings), IAM Identity Center, Amazon Cognito, Amazon Verified Permissions, and Trusted Identity Propagation.
  • Demonstrations include setting up data perimeters, verifying IAM configurations, automating permission reviews, implementing secure sign-up and sign-in, and user-centric data access.
  • The importance of multi-account environments, secure by default principles, least privilege access, and not rolling your own solutions for identity and access are emphasized.
  • Resources for further learning and upcoming events such as AWS re:Inforce are mentioned.

Insights

  • AWS is focusing on simplifying identity and access management (IAM) while maintaining security, allowing developers to innovate without being bogged down by complex IAM policies.
  • A data perimeter is a set of preventive guardrails, built from condition keys such as aws:PrincipalOrgID, aws:ResourceOrgID, aws:SourceVpce and aws:PrincipalIsAWSService in service control policies, resource policies and VPC endpoint policies, that ensures only trusted identities can access trusted resources from expected networks.
  • IAM Access Analyzer's new unused access findings report unused IAM roles, unused access keys and console passwords, and permissions a role or user holds but has not used within the configured unused-access window (for example, 90 days), giving organizations a concrete worklist for removing excess permissions and improving their security posture.
  • Amazon Cognito (managed sign-up, sign-in and federation) and Amazon Verified Permissions (fine-grained application authorization expressed in Cedar policies) reflect AWS's push to provide managed services for common but hard-to-get-right tasks such as user authentication and application-level permissions, rather than having teams build their own.
  • Trusted Identity Propagation, a capability of IAM Identity Center, passes the end user's identity through to supporting AWS services (such as Amazon Athena and Amazon Redshift) so that data access is authorized and logged per user instead of per shared role; this shift towards user-centric data access could significantly reduce the complexity of managing data access across multiple accounts and services.
  • AWS's approach to security is to empower users with tools and automation while providing guidance and best practices, as seen with the open source IAM Policy Validator for AWS CloudFormation (cfn-policy-validator), which runs IAM Access Analyzer policy checks against the policies in a template before deployment, and the curated controls (formerly called guardrails) in AWS Control Tower.
  • The session emphasizes the importance of multi-factor authentication (MFA), including the announced requirement that root users have MFA enabled, beginning with the management account of an AWS Organization in 2024, which underlines that AWS treats security as its top priority.
  • The talk showcases AWS's strategy of integrating security into the development workflow, making it a seamless part of the process rather than an afterthought.
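The data-perimeter conditions described in the insights above, as an added example that is not part of the talk or of any AWS project: three policy documents in real IAM JSON syntax (an SCP for the resource perimeter, a VPC endpoint policy for the identity perimeter on the network path, and a bucket policy for the identity and network perimeters on the resource) plus a small evaluator that runs their Deny statements against constructed request contexts. The organization ID, endpoint ID and bucket name are made up, and the evaluator only models the operators these statements use (StringEquals, StringNotEquals, Bool, and their IfExists forms); it is not the IAM policy engine and does not evaluate the Allow side at all.

```python
"""
Added example, not code from the talk or from AWS: an offline model of how the
data-perimeter condition keys in an SCP, a VPC endpoint policy and a bucket
policy decide a request. Policy syntax is real IAM JSON; the evaluator only
implements the operators these statements need and is NOT the IAM policy
engine. The organization, endpoint and bucket identifiers are made up.
"""
from fnmatch import fnmatchcase

ORG_ID = "o-exampleorg1"                        # assumed: our Organizations ID
VPCE_ID = "vpce-0123456789abcdef0"              # assumed: our S3 VPC endpoint
BUCKET = "arn:aws:s3:::example-internal-data"   # assumed: a sensitive bucket

# Resource perimeter (SCP): our identities may only reach resources owned by
# our organization. ...IfExists keeps calls that carry no resource org working.
SCP = {"Version": "2012-10-17", "Statement": [{
    "Sid": "EnforceResourcePerimeter", "Effect": "Deny",
    "Action": "*", "Resource": "*",
    "Condition": {
        "StringNotEqualsIfExists": {"aws:ResourceOrgID": ORG_ID},
        "BoolIfExists": {"aws:PrincipalIsAWSService": "false"}}}]}

# Identity perimeter on the network path (VPC endpoint policy): only our
# organization's principals may send requests through the endpoint.
VPCE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "EnforceIdentityPerimeterOnEndpoint", "Effect": "Deny",
    "Principal": "*", "Action": "*", "Resource": "*",
    "Condition": {
        "StringNotEqualsIfExists": {"aws:PrincipalOrgID": ORG_ID},
        "BoolIfExists": {"aws:PrincipalIsAWSService": "false"}}}]}

# Identity and network perimeter on the resource itself (bucket policy).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EnforceIdentityPerimeter", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {
         "StringNotEqualsIfExists": {"aws:PrincipalOrgID": ORG_ID},
         "BoolIfExists": {"aws:PrincipalIsAWSService": "false"}}},
    {"Sid": "EnforceNetworkPerimeter", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {
         "StringNotEqualsIfExists": {"aws:SourceVpce": [VPCE_ID]},
         "BoolIfExists": {"aws:PrincipalIsAWSService": "false",
                          "aws:ViaAWSService": "false"}}}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(operator, key, expected, ctx):
    """One condition key, evaluated as IAM treats these operators: a missing
    key matches an ...IfExists operator and fails a plain one."""
    if_exists = operator.endswith("IfExists")
    base = operator[: -len("IfExists")] if if_exists else operator
    if key not in ctx:
        return if_exists
    actual, wanted = str(ctx[key]), [str(v) for v in _as_list(expected)]
    if base == "StringEquals":
        return actual in wanted
    if base == "StringNotEquals":
        return actual not in wanted
    if base == "Bool":
        return actual.lower() == wanted[0].lower()
    raise ValueError(f"operator {operator} is not modelled here")


def _statement_applies(stmt, ctx):
    """True when the action, the resource and every condition key match."""
    if not any(fnmatchcase(ctx["action"], a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(ctx["resource"], r) for r in _as_list(stmt["Resource"])):
        return False
    return all(_condition_holds(op, key, expected, ctx)
               for op, keys in stmt.get("Condition", {}).items()
               for key, expected in keys.items())


def build_request(action, resource, principal_org=None, source_vpce=None,
                  principal_is_service=False, via_service=False):
    """Constructed request context; principal_org=None models an AWS service
    principal, which carries no aws:PrincipalOrgID."""
    ctx = {"action": action, "resource": resource,
           "aws:ResourceOrgID": ORG_ID if resource.startswith(BUCKET) else "o-elsewhere999",
           "aws:PrincipalIsAWSService": "true" if principal_is_service else "false",
           "aws:ViaAWSService": "true" if via_service else "false"}
    if principal_org:
        ctx["aws:PrincipalOrgID"] = principal_org
    if source_vpce:
        ctx["aws:SourceVpce"] = source_vpce
    return ctx


def perimeter_decision(ctx):
    """Run the perimeter Deny statements that apply: SCPs bind only our own
    principals, the endpoint policy only traffic through our endpoint, the
    bucket policy only our bucket. 'ALLOW' means no perimeter deny fired; an
    Allow from identity/resource policies is still required and not modelled."""
    layers = []
    if ctx.get("aws:PrincipalOrgID") == ORG_ID:
        layers.append(("SCP", SCP))
    if ctx.get("aws:SourceVpce") == VPCE_ID:
        layers.append(("VPCE", VPCE_POLICY))
    if ctx["resource"].startswith(BUCKET):
        layers.append(("BUCKET", BUCKET_POLICY))
    for layer, policy in layers:
        for stmt in policy["Statement"]:
            if stmt["Effect"] == "Deny" and _statement_applies(stmt, ctx):
                return "DENY", f"{layer}:{stmt['Sid']}"
    return "ALLOW", None


if __name__ == "__main__":
    obj = BUCKET + "/report.csv"
    for label, req in [
        ("internal role via our endpoint", build_request("s3:GetObject", obj, ORG_ID, VPCE_ID)),
        ("stolen internal creds used from the internet", build_request("s3:GetObject", obj, ORG_ID)),
        ("internal role writing to an outside bucket",
         build_request("s3:PutObject", "arn:aws:s3:::attacker-bucket/loot", ORG_ID, VPCE_ID)),
        ("outside principal using our endpoint", build_request("s3:GetObject", obj, "o-outsider1", VPCE_ID)),
        ("service principal delivering logs", build_request("s3:PutObject", BUCKET + "/AWSLogs/x", principal_is_service=True)),
    ]:
        print(f"{label:45} -> {perimeter_decision(req)}")
```

The five constructed requests show why each layer exists: the SCP stops an internal role pushing data to a bucket outside the organization, the endpoint policy stops an outside principal riding our endpoint, and the bucket policy stops stolen internal credentials used from outside the expected network while the PrincipalIsAWSService/ViaAWSService exceptions keep service-side delivery (log delivery, for instance) working. Before deploying real perimeter policies, validate them with IAM Access Analyzer policy checks rather than with a model like this one.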
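The permission-review automation that the unused access findings enable, as an added example that is not part of the talk or of any AWS project: one UnusedPermission finding is turned into a tightened role policy plus a review list. Both the role policy and the finding are constructed; the finding follows the GetFinding (v2) layout for unused-access findings as the author of this example understands it (findingDetails, each with unusedPermissionDetails carrying a serviceNamespace and an optional actions list that is absent when the whole service was never used), so treat that layout as an assumption and check it against the API reference before feeding real findings in.

```python
"""
Added example, not code from the talk or from AWS: turn an IAM Access Analyzer
UnusedPermission finding into a tightened policy and a review list. The role
policy and the finding are constructed; the finding's layout (findingDetails ->
unusedPermissionDetails -> serviceNamespace, optional actions) is this
example's assumption about the GetFinding v2 response, not a verified schema.
"""
import copy
from fnmatch import fnmatchcase

# Constructed: the over-broad grants a build role accumulates over time.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Artifacts", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-artifacts", "arn:aws:s3:::example-artifacts/*"]},
        {"Sid": "Tables", "Effect": "Allow",
         "Action": "dynamodb:*",
         "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/build-cache"},
        {"Sid": "Secrets", "Effect": "Allow",
         "Action": "secretsmanager:*",
         "Resource": "*"},
    ],
}

# Constructed finding: s3 partly unused, dynamodb never used at all, and two
# unused Secrets Manager actions hiding behind a wildcard.
FINDING = {
    "id": "0f0e0d0c-0b0a-4958-8776-655443322110",
    "findingType": "UnusedPermission",
    "status": "ACTIVE",
    "resource": "arn:aws:iam::111122223333:role/build-role",
    "resourceType": "AWS::IAM::Role",
    "findingDetails": [
        {"unusedPermissionDetails": {"serviceNamespace": "s3",
         "actions": [{"action": "s3:DeleteObject"}, {"action": "s3:PutObject"}]}},
        {"unusedPermissionDetails": {"serviceNamespace": "dynamodb"}},
        {"unusedPermissionDetails": {"serviceNamespace": "secretsmanager",
         "actions": [{"action": "secretsmanager:CreateSecret"},
                     {"action": "secretsmanager:DeleteSecret"}]}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def unused_by_service(finding):
    """Map service namespace -> set of unused actions, or None when the
    finding reports the whole service as never used."""
    unused = {}
    for detail in finding.get("findingDetails", []):
        d = detail.get("unusedPermissionDetails")
        if d:
            actions = d.get("actions")
            unused[d["serviceNamespace"]] = None if actions is None else {a["action"] for a in actions}
    return unused


def tighten_policy(policy, finding):
    """Return (new_policy, notes). Unused actions are removed from Allow
    statements, statements left without actions are dropped, Deny statements
    are never touched (removing one widens access), and a wildcard action that
    still covers used actions is kept but flagged for an explicit rewrite."""
    unused = unused_by_service(finding)
    new_policy = copy.deepcopy(policy)          # never mutate the caller's copy
    kept, notes = [], []
    for stmt in new_policy["Statement"]:
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            kept.append(stmt)
            continue
        remaining = []
        for action in _as_list(stmt["Action"]):
            service = action.split(":", 1)[0].lower()
            if service not in unused:
                remaining.append(action)          # service not in the finding
            elif unused[service] is None:
                notes.append(f"{sid}: removed {action} (service {service} never used)")
            elif action in unused[service]:
                notes.append(f"{sid}: removed {action} (unused)")
            elif any(fnmatchcase(u, action) for u in unused[service]):
                remaining.append(action)          # wildcard: cannot subtract safely
                notes.append(f"{sid}: {action} still grants unused "
                             f"{sorted(unused[service])}; rewrite it as an explicit action list")
            else:
                remaining.append(action)
        if remaining:
            stmt["Action"] = remaining if len(remaining) > 1 else remaining[0]
            kept.append(stmt)
        else:
            notes.append(f"{sid}: dropped, no actions remain")
    new_policy["Statement"] = kept
    return new_policy, notes


if __name__ == "__main__":
    import json
    tightened, review = tighten_policy(ROLE_POLICY, FINDING)
    print(json.dumps(tightened, indent=2))
    print("\n".join(review))
```

The wildcard case is the one that matters in practice: a finding that says two secretsmanager actions are unused cannot be applied to a `secretsmanager:*` grant by subtraction, so the statement is left in place and surfaced for a human to enumerate the actions that are actually used. Apply the result through a pull request and a policy check (for example Access Analyzer's custom policy checks or the CloudFormation policy validator) rather than pushing it straight to IAM.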