IAM Pulse Check #6 - Saudade

From KubeCon to re:Invent in Brazilian spirit


Hey folks,

Some words in Brazilian Portuguese don’t have a direct translation to English, one of the most notable being the word Saudade. The closest way to describe it is that feeling of longing one gets when they’ve been away with someone or something for a long time. Seeing a lot of familiar faces together in person at last week’s KubeCon gave me a strong feeling of Saudade as I watched from afar online. While not directly related to the IAM domain, the people and spirit are the same – cloud practitioners all working together to make things better.

I recall the first KubeCon in San Francisco, tiny in comparison to what it has become today. Speaking of large conferences, I’m also old enough to remember when AWS re:Invent was only in one hotel. Our team does plan to be there in person this year, which will quickly turn that feeling of Saudade into a feeling of Get Me the Hell Out of Here. 3 days - that’s my Vegas limit :)

We’re cooking up something fresh and fun for re:Invent. Stay tuned!

Cheers,

Ivan

IAM checking these out...

Inherited AWS Account - CloudSecDocs

Imagine landing at a new company on a new job, and being handed a messy AWS account to clean up. Where do you start? That was the framing for a great piece of work by Matt Fuller, which can be read here. Inspired by that work, Marco Lancini created a prescriptive step-by-step guide – an excellent reference piece for the bookmarks.

Cloud Security Orienteering - tl;dr sec

In a similar vein as above, here’s a fantastic guide by Rami McCarthy that I keep finding myself coming back to. In it, Rami walks through all of the considerations when tasked to secure an unfamiliar AWS environment. What I appreciate about this guide is respecting the people involved, and the understanding that every environment is different with different goals.

IAM reading from the community...

Designing Least Privilege AWS IAM Policies for People | IAM Pulse

Speaking of respecting people, this article from Alex Smolen speaks to a very important consideration when crafting IAM policies – least privilege must be enough privilege. Sometimes there’s more to right sizing than the bare minimum; you also have to think about what could change.

AWS IAM: Share ECR Docker Image and Secrets Between AWS Accounts | IAM Pulse

Kyler Middleton is back with another excellent article, this time sharing a practical example of a container-based CI/CD system architecture that keeps secrets tightly secured across the pipeline. There’s a few gotchas in the mix as you find yourself in multi-account scenarios, so I highly recommend reading this article in full as they’ve done a lot of the heavy lifting figuring it all out.

IAM listening to this...

Moacir Santos – Saudade (1974, Vinyl) - Discogs

Moacir Santos was a well known Brazilian composer, who found crossover success in the US, recording 3 albums for the legendary Blue Note label during the 70s. His lone solo release in Brazil titled Coisas from 1965 is one of the prizes of my collection. That one would cost you a pretty penny, but thankfully his Blue Note releases can be found for just a few bucks. Saudade will give you that feeling I described in the intro. While Coisas is more hypnotic and soulful, this is more playful, keeping a consistent vibe like you’re walking down the beach in Rio. Now there’s an activity I most certainly long for!
