IAM Pulse Check #15 - Hear, Sense, and Feel


Hey folks,

Thanks to those who contributed content for our end of the year holiday drive – we donated $500 across 5 charities from a fresh batch of helpful member articles. Let’s top that with our next campaign – the 2022 Cloud IAM Survey!

We’re planning our content and programs for the next year, so we’d love to hear from you to better focus our efforts on what would be most beneficial. Whether you’re the resident IAM expert or on a learning path, your perspective is incredibly valuable to the community.

The following survey covers topics like the methods for managing and accessing cloud environments, how IAM permissions are managed and reviewed, the specs & docs of the major cloud providers, the things that make working with IAM difficult, and how important cloud permissions are to your organization.

https://surveyhero.com/c/wunpjfij

I expect the survey to take about 15 minutes as a mix of multiple choice and ranked questions. To get a taste, some of the questions include:

  • Do you classify your resources in a manner that you can apply different permissions levels to?
  • How proficient are you in reading and understanding the contents of an IAM policy document for each provider?
  • How would you rate your organization’s ability to find misconfigurations and/or errors in IAM policies that lead to either access being denied or data being exposed?
  • When reviewing IAM policies in a cross-functional setting, what are some of the things that can lead to disagreement?
  • If you encounter access denied issues during development, where do you go to help resolve?

We’ll keep this survey open through the end of the month, and for every submission, we’ll donate $5 to Hack the Hood - an award-winning non-profit whose mission is to empower low-income youth of color with the knowledge, skills, and relationships they need to pursue careers in tech. We’re investing a lot in unique content & programs for the community this year, so you can expect a lot more from us as IAM helpers. Let’s tackle it together!

Cheers,

Ivan

IAM reading from the community...

Get Email Notification On AWS IAM User Creation | IAM Pulse

Keeping track of IAM users can be a tedious task, which is why a strong identity foundation is critical as your organization grows. While the recommended best practice is to integrate your corporate Identity Provider such as Okta with AWS SSO, it’s still a good idea to watch out for users being created directly. This example uses a CloudWatch rule and Lambda function to send an email via SES whenever an IAM user is created.

Impersonate the Cloud: Running your app locally as if you were on Google Cloud | IAM Pulse

Local cloud development can be tricky. With Google Cloud, service account impersonation enables you to test cloud apps locally. But you shouldn’t have to update your code. Here’s a tutorial for how to do so.

Controlling AWS EKS Access Using AWS IAM And Kubernetes RBAC | IAM Pulse

Here’s a cool example for controlling AWS EKS access using AWS IAM and Kubernetes RBAC. Great way to extend IAM permissions to workloads.

IAM checking these out...

Cloud Security Breaches and Vulnerabilities: 2021 in Review

When it comes to security breaches, one might want to forget the past year (or any preceding year), but it’s always good to look at the trends as we enter a new season (of hurt). Christophe Tafani-Dereeper put together a comprehensive list of breaches, grouped by trends. Unsurprisingly, leaked credentials get top billing, quickly followed by public S3 buckets. IAM stands for Identity & Access Management, remember?! :)

AWS re:Invent 2021 - A least privilege journey: AWS IAM policies and Access Analyzer

Of all the AWS re:Invent 2021 sessions I watched online after the event, this one was my clear favorite. Brigid Johnson, GM of Access Analyzer, powers through a series of helpful IAM tips & tricks with demos & jokes galore. I really appreciate her approach to “right sizing”, and acknowledging that the path to least privilege is a journey.

Fine grained access control now supported on existing Amazon OpenSearch Service domains

A welcome update from AWS, further enforcing access controls for the OpenSearch service. What’s cool about this is the ability to map IAM principals to data permissions, allowing you to get really fine-grained.

IAM listening to this...

The Awakening – Hear, Sense And Feel (1972, Vinyl) - Discogs

Black Jazz was an independent record label from Oakland in the 70s that pumped out a healthy catalog in just a few short years. One of the premier artists on the label was a group of young music students from Chicago known as The Awakening. With a raw, but polished sound, their two albums on the label consist of some top shelf jazz funk. This album is their debut release, and hands down my favorite across the entire Black Jazz catalog.
