IAM
Guides¶
| Link | Notes |
|---|---|
| AWS managed policies | A Managed Policy Reference Guide with 1k+ policies |
| Permissions Reference for AWS IAM | A website built in order to provide an alternate, community-driven source of truth for AWS identity |
| Effective IAM for AWS: A guide to realize IAM best practices | Learn how to secure AWS with usable IAM architecture, policies, and automation that scales security best practices efficiently to all developers |
| How to revoke federated users’ active AWS sessions | How to revoke access to specific users’ sessions on AWS assumed roles through the use of AWS IAM policies and SCPs |
Designing¶
| Link | Notes |
|---|---|
| Managing temporary elevated access to your AWS environment | Post discussing temporary elevated access and how it can mitigate risks relating to human access to your AWS environment |
| sensitive_iam_actions | Crowdsourced list of sensitive IAM Actions |
Root Principal¶
| Link | Notes |
|---|---|
| Summit Route Managing AWS root passwords and MFA | How not use the root user account, and how to manage the credentials (password and MFA) for the root user effectively |
| Security Implication of Root principal in AWS | An interesting way of abusing the AWS KMS for data exfiltration in restricted VPCs |
Audit¶
| Link | Notes |
|---|---|
| Summit Route How to audit AWS IAM and resource policies |
|
| Top ten AWS identity health checks to improve security in the cloud | Ten recommended AWS identity health checks which can help you understand your IAM health, prioritize improvements to your IAM implementation, and operationalize effective access management processes |
Federation¶
GSuite¶
| Link | Notes |
|---|---|
| How to use Google Workspace as an external identity provider for AWS IAM Identity Center | How to set up Google Workspace as an external identity provider (IdP) for AWS IAM Identity Center |