IAM Pulse Check #5 - Take Five
Shaking things up with new rhythms and approaches with a Brazilian flair
Dave Brubeck’s most famous track, Take Five, stands out for its 5/4 time signature, an adventurous meter for the time. He wanted to shake things up – and he did just that, inspiring more artists to explore new rhythms.
New projects, regardless of size and scope, are always adventurous. With IAM Pulse, we also want to shake things up by shining light on a domain that needs it, and elevating those who deserve it. I saw a Tweet yesterday that reminded me of the spirit behind our brand identity when we first started this project.
There is purpose behind the name IAM Pulse beyond the obvious descriptor (and endless puns) – it’s a nod to Impulse Records, a major jazz record label from the 60s to today. Alongside fellow jazz labels of the time like Blue Note and Prestige, Impulse had its own aesthetic and sound. Some of John Coltrane’s best work came from his time with Impulse.
However, for every John Coltrane, there are 99 unknown session players from that era who showed up and did the work, but didn’t get much shine or credit. I see parallels between jazz and the IT/Security field right there. When I think about the community we aim to build and foster, it’s for the 99 people showing up and doing the work.
Then there’s the craft – the cloud is a dynamic environment, and needs professionals who can adapt to changes on the fly. You can tell when a musician only knows how to follow the notes on a page, just like you can tell when an engineer only knows how to turn the knobs from the instructions. Mastery comes from a fundamental understanding of the underlying principles, and a whole lot of practice.
So whether your style is aggressive like Coltrane or smooth like Miles, let’s play together!
IAM checking these out...
Because there are so many ways to generate, store, and use AWS credentials, it’s easy to get tripped up. This reference post does a great job covering all of the methods, and how credentials are used across services. A good one to bookmark!
This excellent practice tool is a great way to learn the various paths that can lead to an unwanted privilege escalation. Includes well-organized Terraform modules and easy-to-follow setup docs. This covers a lot of ground – granting permissions to other users, assuming roles with elevated permissions, attaching permissions to policies that allow granting more permissions, dangerous service actions, and more. This was released a few weeks ago, but I wanted to dedicate the time to going through it. Absolutely worth it.
As a follow-up to the previous post, this article breaks down the various escalation paths against 4 popular open source tools to detail their respective coverage areas. A thorough analysis that undoubtedly took a lot of time. My next task is to go through each of the tools in depth against my new IAM Vulnerable environment!
IAM reading from the community...
As the oldest service in the AWS catalog, with the widest reach across uses, it should still be no surprise that there are leaky buckets out there with sensitive customer data exposed. The big ones we read about weekly, but there’s plenty more, and likely a lot left undiscovered. This article breaks down the various methods of attaching policies to S3 buckets with recommendations based on the use case. Essential stuff.
Here’s a clever trick using a field specific to CloudFormation named “Serial”. Programmatically creating IAM users will create a new Access Key, but if you don’t stay on top of them, you could quickly find yourself in a sprawl situation. Adding the “Serial” field as a numeric value will automatically rotate the Access Key on increment, so you can quickly set up periodic automation to do just that. Nice one!
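To make the “Serial” trick concrete, here is a template sketch added for this write-up (it is not taken from the linked article). The logical IDs, the KeySerial parameter and the secret name are assumptions chosen for illustration.

```yaml
# Added example: rotate an IAM access key by incrementing the
# CloudFormation-specific Serial property on AWS::IAM::AccessKey.
# Logical IDs, the KeySerial parameter and the secret name are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Description: IAM user whose access key is replaced when KeySerial is incremented

Parameters:
  KeySerial:
    Type: Number
    Default: 1
    MinValue: 1
    Description: Increment on each stack update to rotate the access key

Resources:
  ServiceUser:
    Type: AWS::IAM::User

  ServiceUserKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref ServiceUser
      Status: Active
      # A higher Serial on a stack update makes CloudFormation replace this
      # resource: a new key is issued and the previous one is deleted.
      Serial: !Ref KeySerial

  ServiceUserKeySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: example/service-user/access-key   # constructed name
      # References the key resource, so it is updated on every rotation.
      SecretString: !Sub '{"AccessKeyId":"${ServiceUserKey}","SecretAccessKey":"${ServiceUserKey.SecretAccessKey}"}'

Outputs:
  AccessKeyId:
    Description: ID of the current key (the secret value stays in Secrets Manager)
    Value: !Ref ServiceUserKey
```

Periodic rotation then comes down to a scheduled stack update that passes KeySerial one higher than the last run; workloads that read the credential from the secret pick up the new key without a template change.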
Now there’s an article title that speaks to me! If AWS IAM is new territory for you, here’s a quick primer and step-by-step guide.
IAM listening to this...
It would have been too easy for me to pull out a Dave Brubeck - Time Out from the collection. I have to keep up with the obscure releases for this newsletter. Thankfully, I have just the one! A highly underrated and surprisingly difficult find is Brazilian guitarist Geraldo Vespar’s album Take 5 from 1964. Along with an excellent bossa nova cover version of the title track, there are a few heavy-hitting vocal tracks. My record collection is probably 80% from Brazil, so it’s great to get to use one for the newsletter. Hard with the language difference!