IAM Pulse Check Newsletter

IAM Pulse Check #19 - Summer Dawn

IAM visualization, Shift Left considerations, Terraform examples, AWS IAM Roles Anywhere, and more.

Jul 15, 2022

Hey folks,

It's been a few months since my last newsletter – a lot has happened since then! We've been heads double down as a team working on getting our product ready for prime time, and I've been eyes wide open with the arrival of my second child. I couldn't give up building the company in that time, but had to sacrifice the newsletter as a screaming newborn and terrorizing toddler take precedence :)

I'm resuming the weekly cadence going forward – sharing what's top of mind, what we're working on, and the top online resources I come across. Glad to be back!

Cheers,

Ivan at IAM Pulse

From the IAM Pulse Team

Changing AWS S3 Shadow Permissions

A common scenario for teams working with Terraform is trying to answer the question – "what would happen if we made this IAM change?" It's near impossible to derive truths & meaning from inspecting code alone, so let's visualize it! Follow along with a technique that aims to bring clarity to code reviews – the first in a series, more to come.

From the Cloud Community

Ghost of CloudSec Yet to Come

Chris Farris wraps up a 3-part Cloud Security Carol series with an honest look at IaC scanning. "Shift Left" is the right approach, but there is more to cover than just the surface-level checks. It's important to understand the context of the whole environment, and how a change to one thing could impact another.

A Deep Dive into Temporal's Access Control Strategy in AWS

I always appreciate when companies document their evolutionary paths in the cloud. As is often the case with AWS, multi-account environments become difficult to wrangle. Here the folks at Temporal share their multi-account strategy, with some of the pitfalls along the way.

Use IAM Permission Boundaries with AWS SSO using Terraform

Boundaries are a solid way to implement guard rails in AWS – either at the Organization level via SCPs or User level via Permission Boundaries. But for IaC shops, the API limitations around AWS SSO can make this difficult. In this article, Chris McKinnel shares his technique for creating policies in Terraform and applying them to Groups & Roles in AWS.

Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere

A huge announcement from the AWS Identity team, and one that had the Twitterverse going nuts! Roles are a best practice to avoid credential sprawl among other benefits, which you can now extend to workloads outside of AWS. A big move on their part to bring more things into AWS, and a great way to further eliminate those pesky keys. I bet we'll hear more on this in the coming months leading up to re:Invent.

What IAM Listening To

Sahib Shihab - Summer Dawn

It's summer for those of us in the Northern Hemisphere. For some that means beach time, for me living in San Francisco... it doesn't. Thankfully, I can grab gems from the collection like this – a real smooth slice of modal jazz from 1964.
