Skip to content

IAM

Guides

Link Notes
Permissions Reference for AWS IAM A website built in order to provide an alternate, community-driven source of truth for AWS identity
Effective IAM for AWS: A guide to realize IAM best practices Learn how to secure AWS with usable IAM architecture, policies, and automation that scales security best practices efficiently to all developers

Designing

Link Notes
Designing Least Privilege AWS IAM Policies for People Got engineers with AdministratorAccess? Here's how to deploy reduced privilege IAM roles for people without breaking their workflows
Managing temporary elevated access to your AWS environment Post discussing temporary elevated access and how it can mitigate risks relating to human access to your AWS environment

Root Principal

Link Notes
Summit Route Managing AWS root passwords and MFA How not use the root user account, and how to manage the credentials (password and MFA) for the root user effectively
Security Implication of Root principal in AWS An interesting way of abusing the AWS KMS for data exfiltration in restricted VPCs

Audit

Link Notes
Summit Route How to audit AWS IAM and resource policies
    Some general rules:
    • Beware that anything with Allow and Principal "*" is public
    • Never use Allow with NotPrincipal
    • Never use Allow with NotAction
Top ten AWS identity health checks to improve security in the cloud Ten recommended AWS identity health checks which can help you understand your IAM health, prioritize improvements to your IAM implementation, and operationalize effective access management processes
Back to top