IAM Pulse Check #1 – This is the Beginning
Kicking our newsletter off with a brief explanation of what to expect, and a nod to a forgotten San Francisco soul group
As you may have deduced from the giant #1 in the title, you’re reading the inaugural issue of this newsletter. Way to get in early, but this isn’t crypto, so I can’t promise 10000% gains on any inserted jpegs (we’ll see if NFT jokes survive the test of time).
As the first issue, the burning question is – who is this for? Anyone who is or aims to be responsible for availability, resilience, performance, or security of a production cloud environment. Why is that? Because if that’s your responsibility, IAM policies will no doubt come into play – and they’re hard. Who couldn’t use a little help along the way?
To set expectations – I’m not the “IAM guy” (nor do I play one on TV). I’m an appreciator of the complexities, a fan of the craft, and an admirer of the professionals. What I can and will do to the best of my ability is surface the most useful content across a wide range of channels – and you’re busy, so I’ll keep it short, sweet, and punchy.
The surrounding context of this newsletter is that I lead an internal startup project at Okta called IAM Pulse. We’re an independent team working on building a fresh brand, product, and audience from the ground up. The space we’re tackling is – you guessed it – cloud IAM!
Thanks for reading, and I hope you enjoy the goods!
IAM checking these out...
There’s been a lot of chatter recently about the value of conference talks. Putting the issue to bed is the schedule for next week’s fwd:cloudsec event. Wow! I haven’t seen a lineup this stacked since the 1969 Monterey Jazz Festival. Our team was originally planning to be there in person with a booth, but we’ll be rooting for everyone virtually instead. Be sure to tune in and watch the sessions online; I know I will be!
I’ve been following Ben’s content since the early days of serverless, and have always appreciated his style of breaking down complex topics. The “AM” in IAM is hard enough, but it’s the “I” that can be really confusing on AWS, especially when comparing to the traditional notion of Identity that represents a person trying to do a thing. This article does a great job explaining what a Principal is, and how AWS authentication actually works.
This is a very useful and prescriptive example of using Access Analyzer to its fullest. The team at AWS have been making a ton of really great improvements to the service, but arguably more importantly – the documentation! Keep it up team.
Sports fans know all about the gut punch – in cloud land, this one hits hard. The short of it is that granting read only access doesn’t always have the intended result, which is something to watch closely when trying to apply least privilege access. Read on to learn more.
If the last article made you queasy, I hate to have to do it to you again. A common trouble area folks can find themselves in is with role chaining, as it’s not always clear what permissions are applied when one user assumes another user or role with a different policy. Read this example of a very dangerous escalation mode, and what to look out for.
IAM listening to this...
What do rare groove records have to do with cloud IAM? Nothing… but I’m a collector, and I love word play as much as I do puns, so I’ll close out every issue with an album from my collection that fits the tone. I just have to add my personal flair, and hey… you might learn something new here too!
In thinking about where to start, this highly underrated San Francisco psychedelic soul album from 1970 came to mind. I’ve always loved that cover art! The lone release from this obscure group has a very similar vibe to early Sly & the Family Stone, and it’s actually rumored that Sly bit a lot of his style from frontman Leon Pattillo. Hmmm…