IAM Pulse Check #17 - Somethin' Else
Introducing a new IAM Policy catalog
If you’re like me, any time you’re in authoring mode – whether code or content – the first thing you do is spend a good portion of time staring blankly at your screen thinking about where to start. Take this newsletter for instance… I’m 20 minutes in already.
Authoring custom IAM policies can be tedious. There's a lot of information gathering, documentation referencing, and contextual understanding before you even get to your editor. A key goal for the content we've been creating and curating is to be a helper for the cloud engineering role as a whole, with a specific focus on IAM. That, of course, includes authoring mode.

To bring somethin' else to the community, we introduced a new feature to our site this week, the IAM Policy Catalog: a browsable and searchable index of member-contributed IAM policy documents, filterable by provider and service. When it's time for you to craft a custom policy, browse the catalog to see if there's an example you can borrow. Or, if you have a bunch of tips & tricks up your sleeve, add your own examples to the catalog. We aim to build a comprehensive catalog of customizable policies covering any use case, so you can quickly get on your way.
As the examples trickle in from the community, I’ll add highlights to this newsletter. Hopefully we can help save you some time and energy!
IAM checking these out...
This is so cool! With thousands of possible AWS IAM actions, forget memorizing them all. Most of us have the reference docs bookmarked, but when you're in your IDE it's a pain to constantly hop back and forth. IAM legend Sebastian Bille published a VSCode plugin that autocompletes IAM actions. It's called, wait for it, IAM Legend.
Readers of this newsletter will be familiar with Ian McKay, AWS Community Hero and author of a suite of open source tools for working with IAM, including IAM Dataset and permissions.cloud. Here he joins the Cloud Security Podcast to give a full picture of AWS IAM and what it takes to get it right in practice. Great listen, great recommendations.
Nick Frichette of Hacking the Cloud fame published a very clever bypass of a recent improvement to AWS GuardDuty. The short of it is that GuardDuty will now alert you when EC2 instance credentials are used outside of AWS, but this trick sidesteps that finding by sending the API calls through a VPC endpoint, so the traffic never leaves the AWS network and the "outside of AWS" condition never triggers. So close.
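Since the bypass keeps the calls inside AWS, the IP address alone won't give it away; the one artifact the victim still sees is the `vpcEndpointId` that CloudTrail records on calls routed through a VPC endpoint. The following is an added example of that check (not code from Nick's post, and not how GuardDuty works internally): it walks CloudTrail-style records and flags EC2 instance-role sessions whose `vpcEndpointId` is not one of the endpoints this account owns. The allowlist and the sample records are constructed for illustration; the field names follow the standard CloudTrail record format.

```python
"""Flag EC2 instance-role credentials that show up via a VPC endpoint we don't own.

Added example; not code from the linked post or from GuardDuty. It assumes the
standard CloudTrail record fields (userIdentity.type, userIdentity.principalId,
vpcEndpointId, sourceIPAddress, eventName). The endpoint allowlist and the
sample records below are constructed for illustration.
"""
from typing import Dict, Iterable, List, Optional

# Hypothetical allowlist: the interface endpoints this account actually owns.
KNOWN_VPC_ENDPOINTS = {"vpce-0a1b2c3d4e5f60718"}

# Constructed CloudTrail-style records, trimmed to the fields used below.
SAMPLE_EVENTS: List[Dict] = [
    # 1. Instance credentials used through our own endpoint: expected traffic.
    {"eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.23",
     "vpcEndpointId": "vpce-0a1b2c3d4e5f60718",
     "userIdentity": {"type": "AssumedRole",
                      "principalId": "AROAEXAMPLEID12345:i-0abc123def456789a"}},
    # 2. Same instance credentials, but through an endpoint we never created.
    {"eventName": "ListBuckets", "sourceIPAddress": "172.31.5.9",
     "vpcEndpointId": "vpce-0ffffffffffffffff",
     "userIdentity": {"type": "AssumedRole",
                      "principalId": "AROAEXAMPLEID12345:i-0abc123def456789a"}},
    # 3. A CI role session via that unknown endpoint: not instance credentials,
    #    so it is out of scope for this particular check.
    {"eventName": "GetCallerIdentity", "sourceIPAddress": "10.0.1.23",
     "vpcEndpointId": "vpce-0ffffffffffffffff",
     "userIdentity": {"type": "AssumedRole",
                      "principalId": "AROAEXAMPLEID99999:deploy-pipeline"}},
    # 4. Instance credentials with no endpoint at all (public path). GuardDuty's
    #    own outside-of-AWS finding is the right tool here, so we skip it.
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "principalId": "AROAEXAMPLEID12345:i-0abc123def456789a"}},
]


def is_instance_role_session(record: Dict) -> bool:
    """EC2 instance-profile sessions are AssumedRole records whose session name
    (the part of principalId after the colon) is the instance ID."""
    ident = record.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return False
    session_name = ident.get("principalId", "").partition(":")[2]
    return session_name.startswith("i-")


def unknown_endpoint_use(record: Dict,
                         known: Iterable[str] = KNOWN_VPC_ENDPOINTS) -> Optional[Dict]:
    """Return a finding if instance-role credentials arrived via an endpoint we
    don't own; None otherwise (no endpoint, or not an instance session)."""
    vpce = record.get("vpcEndpointId")
    if vpce is None or not is_instance_role_session(record):
        return None
    if vpce in set(known):
        return None
    return {
        "eventName": record.get("eventName"),
        "principalId": record["userIdentity"]["principalId"],
        "vpcEndpointId": vpce,
        "sourceIPAddress": record.get("sourceIPAddress"),
    }


def scan(records: Iterable[Dict],
         known: Iterable[str] = KNOWN_VPC_ENDPOINTS) -> List[Dict]:
    """Run the check over a batch of records and collect the findings."""
    known = set(known)
    return [f for r in records if (f := unknown_endpoint_use(r, known)) is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Note that record 2 carries a perfectly ordinary private source address: through someone else's endpoint the call originates inside their VPC, and private ranges overlap, so the IP is useless as a signal. The endpoint ID is what you have to key on, which means keeping an up-to-date inventory of your own endpoints (for example from `ec2 describe-vpc-endpoints` across accounts) is the real work behind this check.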
Alex Smolen from LaunchDarkly is an excellent writer, sharing practical advice in an easy to follow way. While not directly about IAM, his latest piece on securing GitHub organizations applies just as well to Infrastructure as Code shops, since the service accounts tied to CI/CD pipelines should follow least privilege access as closely as you can manage.
IAM listening to this...
I keep landing at my Blue Note collection for these newsletters – nothing wrong with that. One of the gems of the catalog has to be Somethin' Else from Cannonball Adderley, featuring quite the cast including Miles Davis, Sam & Hank Jones (no relation), and Art Blakey. Their take on Autumn Leaves is the best version I've heard, and the whole album is a strong listen from start to finish. Originally released on Blue Note in 1958, my copy is a second mono edition from 1959. There are a few identifying markers across the history of the label to tell which edition one is, but I try not to get too obsessive over it despite usually being a stickler for original pressings. Just like least privilege access, there's a "good enough" when it comes to Blue Note.