It's been a few months since my last newsletter – a lot has happened since then! We've been heads double down as a team working on getting our product ready for prime time, and I've been eyes wide open with the arrival of my second child. I couldn't give up building the company in that time, but had to sacrifice the newsletter as a screaming newborn and terrorizing toddler take precedence :)
I'm resuming the weekly cadence going forward – sharing what's top of mind, what we're working on, and the top online resources I come across. Glad to be back!
Ivan at IAM Pulse
From the IAM Pulse Team
A common scenario for teams working with Terraform is trying to answer the question – "what would happen if we made this IAM change?" It's near impossible to derive truths & meaning from inspecting code alone, so let's visualize it! Follow along with a technique that aims to bring clarity to code reviews – the first in a series, more to come.
From the Cloud Community
Chris Farris wraps up a 3-part Cloud Security Carol series with an honest look at IaC scanning. "Shift Left" is the right approach, but there is more to cover than just the surface-level checks. It's important to understand the context of the whole environment, and how a change to one thing could impact another.
I always appreciate when companies document their evolutionary paths in the cloud. As is often the case with AWS, multi-account environments become difficult to wrangle. Here the folks at Temporal share their multi-account strategy, with some of the pitfalls along the way.
Boundaries are a solid way to implement guard rails in AWS – either at the Organization level via SCPs or at the User level via Permission Boundaries. But for IaC shops, the API limitations around AWS SSO can make this difficult. In this article, Chris McKinnel shares his technique for creating policies in Terraform and applying them to Groups & Roles in AWS.
A huge announcement from the AWS Identity team, and one that had the Twitterverse going nuts! Roles are a best practice to avoid credential sprawl among other benefits, which you can now extend to workloads outside of AWS. A big move on their part to bring more things into AWS, and a great way to further eliminate those pesky keys. I bet we'll hear more on this in the coming months leading up to re:Invent.
What IAM Listening To
It's summer for those of us in the Northern Hemisphere. For some that means beach time, for me living in San Francisco... it doesn't. Thankfully, I can grab gems from the collection like this – a real smooth slice of modal jazz from 1964.