IAM Pulse Check #12 - Regeneration

Returning to a sense of normalcy after an action-packed AWS re:Invent


Hey folks,

Last week’s AWS re:Invent conference was a return to semi-normalcy for many, myself included. We’ve all spent the past two years trying to keep up appearances virtually, but there’s just no substitute for being in person. While it was rejuvenating in so many ways to connect face to face, a week of that much action (in that place) requires a period of regeneration.

Much of the commentary surrounding the conference was how it was lighter on big, new product announcements, and heavier on big, old enterprise solutions. Nothing about that shift indicates AWS slowing down, though. A recurring theme from AWS in their announcements was simplifications and abstractions based on customer feedback. That’s an indicator of a mature platform and organization.

Identity only surfaced in a couple non-keynote announcements, but one thing was evident across all keynotes and conversations – more and more are realizing that IAM truly is the service that ties everything together. It’s no accident that right after talking about the Everywhere Cloud during his keynote, Werner dove into the internals of IAM as a reminder of their scale. “At first, it appears that IAM is relative simple”, he said. We’ve probably all thought that at one point or another… and been wrong. When you see the scale at which they operate – half a billion API calls per second – you can’t help but marvel at the technological feat.

While AWS is responsible for the scale and security of the IAM service, there’s much to be desired still in terms of simplicity and abstractions for the daily user. The identity team has done a great job continuing to push improvements to the core service and surrounding tools like Access Analyzer and the Policy Simulator, and I expect that to continue at a rapid pace. I am biased as a startup founder, but there is certainly room for a 3rd party ecosystem surrounding IAM, much like there is for other top-level development themes, because it’s the single service that touches everything: not just within the AWS service catalog, but also everything connected to it. And it’s a 3rd party ecosystem that would flourish by being complementary to, not competitive with, the core AWS services.

As always, re:Invent was a week of equal parts enlightenment and bewilderment, and a whole extra part of excitement. After my regeneration period, I’m super energized for the community and product we’re building. It’s early on both fronts, but the need is front and center – half a billion times per second! As we head deeper into holiday season, our team is getting ready for a big year, bringing more helpful content and valuable programs to the community.

Cheers,

Ivan

IAM checking these out...

New – Simplify Access Management for Data Stored in Amazon S3 | Amazon Web Services

I was unnaturally excited to read this announcement. S3 ACLs have been around longer than half the attendees. Understanding the distinction between bucket and object policy actions is hard enough; throw in ACLs and you get a whole mess of confusion in terms of ownership and permissions. Taking a "buried deep in the docs" best practice, productizing it, and making it a default is a huge winner in my book.

Amazon S3 console now reports security warnings, errors, and suggestions from IAM Access Analyzer as you author your S3 policies

Another S3-related announcement, this update to Access Analyzer runs a number of checks as you author your S3 policies, bringing strong Shift Left practices to the console. Very nice.

Amazon Virtual Private Cloud (VPC) announces Network Access Analyzer to help you easily identify unintended network access

A logical evolution of Access Analyzer, you can now analyze network traffic in a similar manner as access controls to ensure your security and compliance policies are being met.

AWS re:Invent 2021 - Keynote with Dr. Werner Vogels

Werner’s always famous keynote, fast forwarded to the IAM internals part. He moves fast (even faster at 1.5x speed), but it’s always good to see attention given to IAM on the main stage.

We’ll have to wait until all the session videos are posted on YouTube, but the one I’m looking forward to the most is from Brigid Johnson from the AWS Identity team. We did get to meet and snap a pic in our favorite IAM tees :)

https://twitter.com/checkiampulse/status/1466091294053187590

IAM listening to this...

Stanley Cowell – Regeneration (1976, Gatefold, Vinyl) - Discogs

When you factor in quality, rarity, and depth, Strata East is one of those premier labels at the top. Founded in New York by Stanley Cowell and Charles Tolliver in the early 70s, the label had a signature spiritual jazz funk sound right for the times. Regeneration was Cowell’s second release on the label, and he experiments with a wide range of instruments, vocals, and sounds. The standout track for me is Traveling Man, with killer grooves on a thumb piano of all instruments. The moody vocals hit a chord every time, no pun intended. Cowell passed away last year, but his legacy as an artist and label owner lives on forever.
