AWS re:Inforce 2019: Scale Permissions Management in AWS w/ Attribute-Based Access Control (SDD350)

Рет қаралды 15,806

Күн бұрын

Central administrators need scalable mechanisms to set granular permissions as their organizations grow. In this session, we discuss how to scale permissions management by relying on workforce and resource attributes. We introduce attribute-based access control (ABAC) and share how AWS enables you to author permission rules that scale with your organization to simplify permissions management. We share best practices for using tags to implement ABAC; we demonstrate how administrators can create policies and govern tags to grant developers access to AWS resources in their projects; and we show how permissions automatically apply as developers add resources to their projects. It is assumed that attendees are familiar with AWS permissions.
Complete Title: AWS re:Inforce 2019: Scale Permissions Management in AWS with Attribute-Based Access Control (SDD350-R)

Пікірлер: 9

@amonza 5 жыл бұрын

I think this was my favorite talk at Re:inforce. Brigid did a great job of presenting the material and gave me a lot to think about to up my IAM game. I just have to figure out how to justify labeling the project to move to us to ABAC as “Pickles”.

@awstudyltd.1921 5 жыл бұрын

Always bright and energetic!

@FredDamstra 5 жыл бұрын

Great presentation. Is it required to limit the additional tags that are allowed? It seems extraneous to the policy, and not something I particularly care about (if developers want to use tags for their own purposes, why not let them?). But is there some reason why there must be a limited list of allowed tags for this to work?

@bjohnso5murphy 5 жыл бұрын

You can allow developers to tag with any other tag. Make sure to lock down them modifying or adding access control tags.

@FredDamstra 5 жыл бұрын

@@bjohnso5murphy So is the "ForAllValues" condition necessary at all on the slide at 22:17?