Setting AWS Permissions Boundaries for Large Cloud Environments - A Self-Service IAM Model
fwd:cloudsec via YouTube
Overview
Learn how to effectively implement AWS permissions boundaries in large-scale cloud environments through this technical conference talk from fwd:cloudsec. Explore how central security teams can empower development teams while maintaining robust security controls, focusing on Booking.com's innovative approach to permissions management. Discover the implementation of "flavored" permissions boundaries that accommodate unique security exceptions and account-level requirements while ensuring scalability. Master techniques for creating dynamic boundaries, including Global Denial Lists, Service Allow Lists, and Account Level Exceptions, all while maintaining a balance between security compliance and developer productivity. Gain practical insights into overcoming common challenges in implementing IAM models and establishing a self-service framework that supports both rapid cloud adoption and comprehensive security measures.
Syllabus
Intro
Topic
Agenda
Challenges
Machine boundary
One-size-fits-all boundary
Flavored approach
So far so good
Let's find out
Define Global Denial List
Service Allow List
Account Level Exceptions
Per Account Level Exceptions
Input Boundary List
Dynamic Statements
Enforce
One-size-fits-all
Does it scale
Developer experience
Questions
Taught by
fwd:cloudsec