IAM
Guides
Link | Notes |
---|---|
AWS managed policies | A Managed Policy Reference Guide with 1k+ policies |
Permissions Reference for AWS IAM | A website built in order to provide an alternate, community-driven source of truth for AWS identity |
Effective IAM for AWS: A guide to realize IAM best practices | Learn how to secure AWS with usable IAM architecture, policies, and automation that scales security best practices efficiently to all developers |
How to revoke federated users’ active AWS sessions | How to revoke access to specific users’ sessions on AWS assumed roles through the use of AWS IAM policies and SCPs |
Designing
Link | Notes |
---|---|
Managing temporary elevated access to your AWS environment | Post discussing temporary elevated access and how it can mitigate risks relating to human access to your AWS environment |
sensitive_iam_actions | Crowdsourced list of sensitive IAM Actions |
Root Principal
Link | Notes |
---|---|
Summit Route Managing AWS root passwords and MFA | How not to use the root user account, and how to manage the credentials (password and MFA) for the root user effectively |
Security Implication of Root principal in AWS | An interesting way of abusing the AWS KMS for data exfiltration in restricted VPCs |
Audit
Link | Notes |
---|---|
Summit Route How to audit AWS IAM and resource policies | |
Top ten AWS identity health checks to improve security in the cloud | Ten recommended AWS identity health checks which can help you understand your IAM health, prioritize improvements to your IAM implementation, and operationalize effective access management processes |
Federation
GSuite
Link | Notes |
---|---|
How to use Google Workspace as an external identity provider for AWS IAM Identity Center | How to set up Google Workspace as an external identity provider (IdP) for AWS IAM Identity Center |