AWS re:Inforce 2022 - AWS Identity and Access Management (IAM) deep dive (IAM301)

Рет қаралды 35,418

Күн бұрын

Building secure applications and workloads on AWS means knowing your way around AWS Identity and Access Management (AWS IAM). This session is geared toward the curious builder who wants to learn practical IAM skills for defending workloads and data, with a technical, first-principles approach. Gain knowledge about what IAM is and a deeper understanding of how it works and why.
Learn more about AWS re:Inforce at bit.ly/3baitIT.
Subscribe:
More AWS videos bit.ly/2O3zS75
More AWS events videos bit.ly/316g9t4
ABOUT AWS
Amazon Web Services (AWS) hosts events, both online and in-person, bringing the cloud computing community together to connect, collaborate, and learn from AWS experts.
AWS is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers-including the fastest-growing startups, largest enterprises, and leading government agencies-are using AWS to lower costs, become more agile, and innovate faster.
#reInforce2022 #CloudSecurity #AWS #AmazonWebServices #CloudComputing

Пікірлер: 23

@peterrayson4397 Ай бұрын

Best description I've seen of IAM. Lens of control plane - data plane is key!

@mikeyinger4204 Жыл бұрын

Brilliant use of 'e' to tee up expectations for the session. I've been cutting and trying IAM and stopped here to get a deeper understanding and you delivered much appreciated insight.

@StefanoBorini Ай бұрын

got it. AWS is like Italian red tape.

@faadi4536 Жыл бұрын

This is the first time I've tried to understand what happens when an API call is made to a resource. How granular control we have over who gets what. Presentation was good and it gave a deep insight to where we need to strict the policies and where to not. Kudos Sister.

@saltdomeguy Жыл бұрын

Extremely smart talk! Interesting about the Control and Data Planes. Seldom discussed in AWS especially as pertaining to IAM. Great discussion S3 permissions, which I was recently asked during an interview. Thanks Becky!

@SafetyDelivered Жыл бұрын

I an such a fan of presentations u get all excited just helping others understand when I tell someone about aws I get all enthusiastic teaching new players how we game lol be nice to work with you personally knowing how much anyone could take and run with and if there passionate like us possible outcomes are truly limiless

@chrisadams27 Жыл бұрын

Becky is the greatest!

@maa1dz1333q2eqER 5 ай бұрын

Good talk, thanks!!!

@thorsteinssonh 4 ай бұрын

lol yup differential of exp(x) is itself -- maybe IAM is just as natural, a feature of nature - natural access management :D Like the explanation of the vision behind IAM, the resilience, availability and caching behind it.

@gilbertsenyonjo963 Ай бұрын

I also didnt know that e thing

@michaeljernigan9800 Жыл бұрын

Good stuff, but the guy helping people find a seat was super distracting.

@lmbangel Жыл бұрын

Exactly !! it was annoying, I can imagine it was distracting to her as well.

@shoobidyboop8634 Жыл бұрын

They should hire much shorter people for that job.

@learnpuresecurity Жыл бұрын

need to do everything before class starts .. but difficult to control the mind

@learnpuresecurity Жыл бұрын

I did not understand how the SCP at kzbin.info/www/bejne/j37NZGaKpLhrmas has a Condition with String not equal to the resourceorg id. We not want anyone to put any object to our org so shouldnt that be stringequal instead of not equal ?

@MyLife-uc5wy Жыл бұрын

Hi @gauravrai1205, Original Answer If you see the action = deny, so if the orgid does not match "o-a1b2c3", then deny. Which mean only allow "o-a1b2c3". I would like someone to correct me if I am wrong, would highly appreciate it. Thanks! Edited: I realised 2 hrs later :) , implicit deny will not allow, hence Gaurav's question remains unanswered.

@programming6881 7 ай бұрын

I think boundry policies are meant to filter out. This does not mean you allow.

@gilbertsenyonjo963 Ай бұрын

The Effect is DENY. If the resource id is not equal the organization's resource id, deny the request. Also, the video url at that time is kzbin.info/www/bejne/j37NZGaKpLhrmas