The Art of Letting Go: Secure delegation of permissions in AWS environments

Presented at BSidesLV 2023, Aug. 9, 2023, 5 p.m. (Unknown duration)

This talk will tell the story of how we used SCPs (service control policies), IAM permission boundaries and IAM policies across our AWS Organization to set up the guardrails that let our engineering teams use privileged IAM actions in AWS environments, so they can move fast without manual approval workflows for creating resources. Additionally, we used an event-based solution powered by EventBridge and Lambda to check for compliance, perform automated remediations and send notifications, which increased our visibility without adding to our workload.

Cloud service providers forever changed how engineering teams work. Many companies have moved, or are starting to move, away from maintaining and operating cold and unforgiving server rooms, letting that be someone else's problem. The time and effort required to have a server up and running went from weeks or days to seconds or minutes. Infrastructure as Code elevated that, allowing teams to have consistent working environments and thus enabling the business to support as many customers or features as it wishes to, reliably. Security teams need to find comfort in flexibility to empower engineering teams. Identity and access management is a vital part of that journey.
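The abstract names two layers without showing either: a preventive one (an SCP that forces a permission boundary onto anything engineers create with privileged IAM actions) and a detective one (an EventBridge-triggered Lambda that checks CloudTrail records, remediates and notifies). The following is an added illustration written for this page, not code from the talk or from Okta. The account id, the boundary policy name `eng-permission-boundary`, the exempt `security-admin` role, and the sample CloudTrail events are all hypothetical; the handler returns its decision instead of calling IAM so it runs offline.

```python
"""Added illustration of the two guardrail layers the abstract describes.

Nothing here is the talk's own code. Assumptions (hypothetical): account id
111122223333, a boundary policy named eng-permission-boundary, a security-team
role named security-admin that is exempt from the SCP, and EventBridge
delivering CloudTrail records in the standard "AWS API Call via CloudTrail" shape.
"""
import json

ACCOUNT_ID = "111122223333"                                                 # hypothetical
BOUNDARY_ARN = f"arn:aws:iam::{ACCOUNT_ID}:policy/eng-permission-boundary"  # hypothetical
EXEMPT_PRINCIPAL = "arn:aws:iam::*:role/security-admin"                     # hypothetical


def build_scp(boundary_arn: str = BOUNDARY_ARN) -> dict:
    """Preventive layer: an SCP that lets engineers run privileged IAM actions
    only when the mandated permission boundary is attached, and stops the
    boundary from being stripped off or rewritten. A Deny in an SCP beats any
    Allow inside the account, so this holds even for account admins (except the
    exempt security role, and never in the management account, which SCPs skip)."""
    exempt = {"ArnNotLike": {"aws:PrincipalArn": EXEMPT_PRINCIPAL}}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # creating a principal without the boundary: StringNotEquals also
                # matches when iam:PermissionsBoundary is absent from the request
                "Sid": "RequireBoundaryOnNewPrincipals",
                "Effect": "Deny",
                "Action": ["iam:CreateRole", "iam:CreateUser",
                           "iam:PutRolePermissionsBoundary", "iam:PutUserPermissionsBoundary"],
                "Resource": "*",
                "Condition": {"StringNotEquals": {"iam:PermissionsBoundary": boundary_arn}, **exempt},
            },
            {   # removing the boundary from an existing principal
                "Sid": "DenyBoundaryRemoval",
                "Effect": "Deny",
                "Action": ["iam:DeleteRolePermissionsBoundary", "iam:DeleteUserPermissionsBoundary"],
                "Resource": "*",
                "Condition": exempt,
            },
            {   # editing or deleting the boundary policy document itself
                "Sid": "ProtectBoundaryPolicy",
                "Effect": "Deny",
                "Action": ["iam:CreatePolicyVersion", "iam:DeletePolicy",
                           "iam:DeletePolicyVersion", "iam:SetDefaultPolicyVersion"],
                "Resource": boundary_arn,
                "Condition": exempt,
            },
        ],
    }


def evaluate_event(event: dict, boundary_arn: str = BOUNDARY_ARN) -> dict:
    """Detective layer: what the EventBridge-triggered Lambda decides for one
    CloudTrail record. Returns the decision instead of acting so it runs
    offline; a deployed handler would call iam.put_role_permissions_boundary /
    iam.put_user_permissions_boundary for 'attach_boundary' and publish every
    verdict other than 'none' to an SNS topic."""
    detail = event.get("detail") or {}
    name = detail.get("eventName", "")
    params = detail.get("requestParameters") or {}
    actor = (detail.get("userIdentity") or {}).get("arn", "unknown")
    target = params.get("roleName") or params.get("userName")
    if detail.get("errorCode"):
        # the SCP already refused the call; still worth knowing who keeps trying
        return {"compliant": True, "action": "notify", "target": target,
                "reason": f"{name} by {actor} failed with {detail['errorCode']}"}
    if name in ("CreateRole", "CreateUser",
                "PutRolePermissionsBoundary", "PutUserPermissionsBoundary"):
        if params.get("permissionsBoundary") == boundary_arn:
            return {"compliant": True, "action": "none", "target": target}
        return {"compliant": False, "action": "attach_boundary", "target": target,
                "reason": f"{name} by {actor} without boundary {boundary_arn}"}
    if name in ("DeleteRolePermissionsBoundary", "DeleteUserPermissionsBoundary"):
        return {"compliant": False, "action": "attach_boundary", "target": target,
                "reason": f"{name} by {actor} removed the boundary"}
    return {"compliant": True, "action": "none", "target": target}


def lambda_handler(event: dict, context=None) -> dict:
    """Entry point an EventBridge rule on source aws.iam would invoke."""
    verdict = evaluate_event(event)
    print(json.dumps(verdict))  # ends up in CloudWatch Logs
    return verdict


def _cloudtrail_event(name: str, params: dict, error: str = "") -> dict:
    """Constructed EventBridge envelope for a CloudTrail IAM record (sample data)."""
    detail = {"eventSource": "iam.amazonaws.com", "eventName": name,
              "userIdentity": {"arn": f"arn:aws:sts::{ACCOUNT_ID}:assumed-role/engineer/alice"},
              "requestParameters": params}
    if error:
        detail["errorCode"] = error
    return {"detail-type": "AWS API Call via CloudTrail", "source": "aws.iam", "detail": detail}


SAMPLE_EVENTS = {  # constructed, not real CloudTrail data
    "with_boundary": _cloudtrail_event("CreateRole", {"roleName": "app-a", "permissionsBoundary": BOUNDARY_ARN}),
    "no_boundary": _cloudtrail_event("CreateRole", {"roleName": "app-b"}),
    "scp_blocked": _cloudtrail_event("CreateRole", {"roleName": "app-c"}, error="AccessDenied"),
    "boundary_removed": _cloudtrail_event("DeleteRolePermissionsBoundary", {"roleName": "app-a"}),
}

if __name__ == "__main__":
    print(json.dumps(build_scp(), indent=2))
    for label, ev in SAMPLE_EVENTS.items():
        print(label, "->", lambda_handler(ev)["action"])
```

Two caveats a practitioner would check before copying this pattern. First, the boundary only caps what a role can do; engineers still need an identity policy that grants their intended permissions, and the boundary document itself must be reviewed as carefully as any admin policy, since every role created under it inherits its ceiling. Second, the SCP is the real control and the Lambda is the safety net: in member accounts the handler will mostly see denied attempts (the `notify` path), while the `attach_boundary` path matters for the management account, accounts not yet under the OU, and anything created before the SCP was applied.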

Presenters:

  • Sara Perez
    Sara started as a penetration tester (before that she did some ever-exciting PCI DSS audits), hacked things for a living for a good six years, and delivered training at Black Hat Asia, EU and US conferences before moving to the blue side of things, trying to embed security at the design stage, finding ways of hardening long-running systems, and enabling engineering teams to securely do what they need to do. Sara currently serves as Principal Cloud Security Engineer at Okta.
