
Migrating existing IAM to least-privilege IAM as IaC

Nimrod Kor at All The Talks 2020 - Security

Public cloud providers are now offering more mature and better integrated IAM services. The AWS IAM service is natively integrated with every AWS service and makes it simple to set up, connect and integrate services using various access control methods. In many organizations, this leads to a wide adoption of IAM usage practices that are not necessarily representative of the required levels of access and lead to many human errors.
In this talk we suggest codifying AWS IAM and managing it like any other code library. We demonstrate a method to migrate existing configurations to a manageable Terraform-based data model and show how to start governing it using policy-as-code.

Nimrod Kor

Nimrod leads various cloud security research efforts. He is an open source contributor to various AWS security projects and is also part of Bridgecrew's founding team. A believer in Terraform as a security enabler.