Setting AWS Permissions Boundaries for Large Cloud Environments - A Self-Service IAM Model
fwd:cloudsec via YouTube
Master Windows Internals - Kernel Programming, Debugging & Architecture
Power BI Fundamentals - Create visualizations and dashboards from scratch
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Learn how to effectively implement AWS Permissions boundaries in large-scale cloud environments through this technical conference talk from fwd:cloudsec. Explore how central security teams can empower development teams while maintaining robust security controls, focusing on Booking.com's innovative approach to permissions management. Discover the implementation of "flavored" permissions boundaries that accommodate unique security exceptions and account-level requirements while ensuring scalability. Master techniques for creating dynamic boundaries, including Global Denial Lists, Service Allow Lists, and Account Level Exceptions, all while maintaining a balance between security compliance and developer productivity. Gain practical insights into overcoming common challenges in implementing IAM models and establishing a self-service framework that supports both rapid cloud adoption and comprehensive security measures.
Syllabus
Intro
Topic
Agenda
Challenges
Machine boundary
Onesizefitsall boundary
Flavored approach
So far so good
Lets find out
Define Global Denial List
Service Allow List
Account Level Exceptions
Per Account Level Exceptions
Input Boundary List
Dynamic Statements
Enforce
Onesizefitsall
Does it scale
Developer experience
Questions
Taught by
fwd:cloudsec