SlideShare une entreprise Scribd logo

The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks

Amazon Web Services
Amazon Web Services

Learning Objectives: - Understand the identity and access management evolution - Learn best practices for managing AWS root user credentials and Users, Groups, and Roles, especially as the number of users and AWS accounts grow - Better understand identity federation by viewing two demos

1  sur  28
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Greg McConnel, Solutions Architect The Evolution of Identity and Access Management on AWS
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Webinar prerequisites To get the most out of this session, you must be comfortable with several building blocks: AWS IAM Roles Policies AWS STS Long-term Access Keys Temporary Security Credentials
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evolution of Identity and Access Management on AWS Root User Users, Groups & Roles Identity Federation
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evolution of Identity and Access Management on AWS Root User
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Root User
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Root User https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evolution of Identity and Access Management on AWS Users, Groups & Roles
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. IAM Users/Groups/Roles
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. IAM Users/Groups/Roles
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. IAM Users/Groups/Roles LANDING ACCOUNT
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evolution of Identity and Access Management on AWS Identity Federation
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity Federation Corporate Identity Identity Provider ……
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity Federation … Directory Group definitions Providers, roles, and policies Automation
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda: * Evolution of Identity Management * Identity Federation Primer * Two Demos
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity Federation Benefits • Help manage AWS at scale (but you will need automation) • Align corporate user provisioning and de-provisioning with AWS identity and access management • Centralize entitlement management • Ease of access for users
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity Federation Benefits Before: Unique credentials Single Sign-on Long-term Access Keys Temporary Security Credentials One-off Aligned with Internal Controls Users Security Compliance After:
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda: * Evolution of Identity Management * Identity Federation Primer * Two Demos
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1 – SAML Federation with ADFS
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1: SAML-Based Identity Federation Using ADFS
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1: SAML-Based Identity Federation Using ADFS
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1: SAML-Based Identity Federation Using ADFS
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1: SAML-Based Identity Federation Using ADFS https://aws.amazon.com/blogs/security/how-to-set-up-sso-to-the-aws-management- console-for-multiple-accounts-by-using-ad-fs-and-saml-2-0/
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 2 – AWS SSO
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 2: Identity Federation Using SSO
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 2: Identity Federation Using SSO
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Next Steps • Lock down the Root user • Investigate identity federation using your current identity provider, a 3rd party provider or consider AWS SSO • https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_pro viders_saml_3rd-party.html • https://aws.amazon.com/single-sign-on/
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Resources PowerShell scripts to automate SAML Federation Setup (AD FS 3.0 on Windows Server 2012 R2) https://aws.amazon.com/blogs/security/how-to-set-up-sso-to-the-aws-management-console-for-multiple-accounts-by-using-ad-fs-and-saml-2-0/ Solution to resolve issues with ADFS certificate expiration https://aws.amazon.com/blogs/security/how-to-set-up-uninterrupted-federated-user-access-to-aws-using-ad-fs/ How to install new certificates into ADFS https://blogs.technet.microsoft.com/rmilne/2016/03/21/updating-windows-server-2012-r2-adfs-ssl-and-service-certificates/ PowerShell and SAML https://aws.amazon.com/blogs/security/how-to-set-up-federated-api-access-to-aws-by-using-windows-powershell/ Troubleshooting SAML http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml.html http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml_view-saml-response.html SAML Information http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html SAML with Shibboleth https://d0.awsstatic.com/whitepapers/aws-whitepaper-single-sign-on-integrating-aws-open-ldap-and-shibboleth.pdf API/CLI Access via SAML (ADFS 2) https://aws.amazon.com/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/ API/CLI Access via SAML (ADFS 3) https://aws.amazon.com/blogs/security/how-to-implement-a-general-solution-for-federated-apicli-access-using-saml-2-0/ AWS CLI tool for getting temp creds via Identity Federation https://github.com/awslabs/awsprocesscreds Okta SAML Federation for CLI/API with MFA https://github.com/oktadeveloper/okta-aws-cli-assume-role Identity federation and AppStream 2.0 https://aws.amazon.com/blogs/compute/enabling-identity-federation-with-ad-fs-3-0-and-amazon-appstream-2-0/ 3rd Party Identity Provider Information http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!

Recommandé

Enterprise Applications with Amazon EFS - AWS Online Tech Talks
Enterprise Applications with Amazon EFS - AWS Online Tech TalksEnterprise Applications with Amazon EFS - AWS Online Tech Talks
Enterprise Applications with Amazon EFS - AWS Online Tech TalksAmazon Web Services
 
Transforming Data Lakes with Amazon S3 Select & Amazon Glacier Select - AWS O...
Transforming Data Lakes with Amazon S3 Select & Amazon Glacier Select - AWS O...Transforming Data Lakes with Amazon S3 Select & Amazon Glacier Select - AWS O...
Transforming Data Lakes with Amazon S3 Select & Amazon Glacier Select - AWS O...Amazon Web Services
 
Media Processing Workflows at High Velocity and Scale using AI and ML - AWS O...
Media Processing Workflows at High Velocity and Scale using AI and ML - AWS O...Media Processing Workflows at High Velocity and Scale using AI and ML - AWS O...
Media Processing Workflows at High Velocity and Scale using AI and ML - AWS O...Amazon Web Services
 
Navigating GDPR Compliance on AWS - AWS Online Tech Talks
Navigating GDPR Compliance on AWS - AWS Online Tech TalksNavigating GDPR Compliance on AWS - AWS Online Tech Talks
Navigating GDPR Compliance on AWS - AWS Online Tech TalksAmazon Web Services
 
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018Amazon Web Services
 
Running Mission Critical Workloads on AWS
Running Mission Critical Workloads on AWSRunning Mission Critical Workloads on AWS
Running Mission Critical Workloads on AWSAmazon Web Services
 
Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018Amazon Web Services
 
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Amazon Web Services
 

Recommandé

Enterprise Applications with Amazon EFS - AWS Online Tech Talks
Enterprise Applications with Amazon EFS - AWS Online Tech TalksEnterprise Applications with Amazon EFS - AWS Online Tech Talks
Enterprise Applications with Amazon EFS - AWS Online Tech TalksAmazon Web Services
 
Transforming Data Lakes with Amazon S3 Select & Amazon Glacier Select - AWS O...
Transforming Data Lakes with Amazon S3 Select & Amazon Glacier Select - AWS O...Transforming Data Lakes with Amazon S3 Select & Amazon Glacier Select - AWS O...
Transforming Data Lakes with Amazon S3 Select & Amazon Glacier Select - AWS O...Amazon Web Services
 
Media Processing Workflows at High Velocity and Scale using AI and ML - AWS O...
Media Processing Workflows at High Velocity and Scale using AI and ML - AWS O...Media Processing Workflows at High Velocity and Scale using AI and ML - AWS O...
Media Processing Workflows at High Velocity and Scale using AI and ML - AWS O...Amazon Web Services
 
Navigating GDPR Compliance on AWS - AWS Online Tech Talks
Navigating GDPR Compliance on AWS - AWS Online Tech TalksNavigating GDPR Compliance on AWS - AWS Online Tech Talks
Navigating GDPR Compliance on AWS - AWS Online Tech TalksAmazon Web Services
 
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018
Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018Amazon Web Services
 
Running Mission Critical Workloads on AWS
Running Mission Critical Workloads on AWSRunning Mission Critical Workloads on AWS
Running Mission Critical Workloads on AWSAmazon Web Services
 
Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018Amazon Web Services
 
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Amazon Web Services
 
Module 5 - AWSome Day Online Conference 2018
Module 5 - AWSome Day Online Conference 2018Module 5 - AWSome Day Online Conference 2018
Module 5 - AWSome Day Online Conference 2018Amazon Web Services
 
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...Amazon Web Services
 
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Boaz Ziniman
 
Migrazione di Database e Data Warehouse su AWS
Migrazione di Database e Data Warehouse su AWSMigrazione di Database e Data Warehouse su AWS
Migrazione di Database e Data Warehouse su AWSAmazon Web Services
 
Introduction to Hybrid Cloud on AWS - AWS Online Tech Talks
Introduction to Hybrid Cloud on AWS - AWS Online Tech TalksIntroduction to Hybrid Cloud on AWS - AWS Online Tech Talks
Introduction to Hybrid Cloud on AWS - AWS Online Tech TalksAmazon Web Services
 
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...Amazon Web Services
 
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech Talks
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech TalksImprove Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech Talks
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech TalksAmazon Web Services
 
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPC
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPCDEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPC
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPCAmazon Web Services
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Amazon Web Services
 
Module 2 - AWSome Day Online Conference 2018
Module 2 - AWSome Day Online Conference 2018Module 2 - AWSome Day Online Conference 2018
Module 2 - AWSome Day Online Conference 2018Amazon Web Services
 
DEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS ExtensionsDEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS ExtensionsAmazon Web Services
 
Serverless: costruire applicazioni native per il cloud
Serverless: costruire applicazioni native per il cloudServerless: costruire applicazioni native per il cloud
Serverless: costruire applicazioni native per il cloudAmazon Web Services
 
Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate Amazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 
SRV303 Deep Dive on Amazon EFS
SRV303 Deep Dive on Amazon EFS SRV303 Deep Dive on Amazon EFS
SRV303 Deep Dive on Amazon EFSAmazon Web Services
 
Costruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSCostruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSAmazon Web Services
 
Accelerate and Modernise Microsoft Workload Migrations on AWS
Accelerate and Modernise Microsoft Workload Migrations on AWSAccelerate and Modernise Microsoft Workload Migrations on AWS
Accelerate and Modernise Microsoft Workload Migrations on AWSAmazon Web Services
 
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...Amazon Web Services
 
Module 3 - AWSome Day Online Conference 2018
Module 3 - AWSome Day Online Conference 2018Module 3 - AWSome Day Online Conference 2018
Module 3 - AWSome Day Online Conference 2018Amazon Web Services
 
Migration of Microsoft Workloads to AWS
Migration of Microsoft Workloads to AWSMigration of Microsoft Workloads to AWS
Migration of Microsoft Workloads to AWSAmazon Web Services
 
AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3Amazon Web Services
 
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...Amazon Web Services
 

Contenu connexe

Tendances

Module 5 - AWSome Day Online Conference 2018
Module 5 - AWSome Day Online Conference 2018Module 5 - AWSome Day Online Conference 2018
Module 5 - AWSome Day Online Conference 2018Amazon Web Services
 
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...Amazon Web Services
 
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Boaz Ziniman
 
Migrazione di Database e Data Warehouse su AWS
Migrazione di Database e Data Warehouse su AWSMigrazione di Database e Data Warehouse su AWS
Migrazione di Database e Data Warehouse su AWSAmazon Web Services
 
Introduction to Hybrid Cloud on AWS - AWS Online Tech Talks
Introduction to Hybrid Cloud on AWS - AWS Online Tech TalksIntroduction to Hybrid Cloud on AWS - AWS Online Tech Talks
Introduction to Hybrid Cloud on AWS - AWS Online Tech TalksAmazon Web Services
 
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...Amazon Web Services
 
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech Talks
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech TalksImprove Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech Talks
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech TalksAmazon Web Services
 
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPC
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPCDEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPC
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPCAmazon Web Services
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Amazon Web Services
 
Module 2 - AWSome Day Online Conference 2018
Module 2 - AWSome Day Online Conference 2018Module 2 - AWSome Day Online Conference 2018
Module 2 - AWSome Day Online Conference 2018Amazon Web Services
 
DEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS ExtensionsDEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS ExtensionsAmazon Web Services
 
Serverless: costruire applicazioni native per il cloud
Serverless: costruire applicazioni native per il cloudServerless: costruire applicazioni native per il cloud
Serverless: costruire applicazioni native per il cloudAmazon Web Services
 
Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate Amazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 
Costruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSCostruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSAmazon Web Services
 
Accelerate and Modernise Microsoft Workload Migrations on AWS
Accelerate and Modernise Microsoft Workload Migrations on AWSAccelerate and Modernise Microsoft Workload Migrations on AWS
Accelerate and Modernise Microsoft Workload Migrations on AWSAmazon Web Services
 
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...Amazon Web Services
 
Module 3 - AWSome Day Online Conference 2018
Module 3 - AWSome Day Online Conference 2018Module 3 - AWSome Day Online Conference 2018
Module 3 - AWSome Day Online Conference 2018Amazon Web Services
 
Migration of Microsoft Workloads to AWS
Migration of Microsoft Workloads to AWSMigration of Microsoft Workloads to AWS
Migration of Microsoft Workloads to AWSAmazon Web Services
 

Tendances (20)

Module 5 - AWSome Day Online Conference 2018
Module 5 - AWSome Day Online Conference 2018Module 5 - AWSome Day Online Conference 2018
Module 5 - AWSome Day Online Conference 2018
 
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...
Optimizing Storage for Enterprise Workloads and Migrations (STG202) - AWS re:...
 
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
 
Migrazione di Database e Data Warehouse su AWS
Migrazione di Database e Data Warehouse su AWSMigrazione di Database e Data Warehouse su AWS
Migrazione di Database e Data Warehouse su AWS
 
Introduction to Hybrid Cloud on AWS - AWS Online Tech Talks
Introduction to Hybrid Cloud on AWS - AWS Online Tech TalksIntroduction to Hybrid Cloud on AWS - AWS Online Tech Talks
Introduction to Hybrid Cloud on AWS - AWS Online Tech Talks
 
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...
Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...
 
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech Talks
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech TalksImprove Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech Talks
Improve Efficiency by Migrating Messaging to Amazon MQ - AWS Online Tech Talks
 
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPC
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPCDEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPC
DEM05 Reducing Costs and Strengthening Your Security Posture with a Transit VPC
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
 
Module 2 - AWSome Day Online Conference 2018
Module 2 - AWSome Day Online Conference 2018Module 2 - AWSome Day Online Conference 2018
Module 2 - AWSome Day Online Conference 2018
 
DEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS ExtensionsDEM16 Cisco ACI Anywhere – AWS Extensions
DEM16 Cisco ACI Anywhere – AWS Extensions
 
Serverless: costruire applicazioni native per il cloud
Serverless: costruire applicazioni native per il cloudServerless: costruire applicazioni native per il cloud
Serverless: costruire applicazioni native per il cloud
 
Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate Develop Containerized Apps with AWS Fargate
Develop Containerized Apps with AWS Fargate
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
 
SRV303 Deep Dive on Amazon EFS
SRV303 Deep Dive on Amazon EFS SRV303 Deep Dive on Amazon EFS
SRV303 Deep Dive on Amazon EFS
 
Costruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSCostruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWS
 
Accelerate and Modernise Microsoft Workload Migrations on AWS
Accelerate and Modernise Microsoft Workload Migrations on AWSAccelerate and Modernise Microsoft Workload Migrations on AWS
Accelerate and Modernise Microsoft Workload Migrations on AWS
 
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
 
Module 3 - AWSome Day Online Conference 2018
Module 3 - AWSome Day Online Conference 2018Module 3 - AWSome Day Online Conference 2018
Module 3 - AWSome Day Online Conference 2018
 
Migration of Microsoft Workloads to AWS
Migration of Microsoft Workloads to AWSMigration of Microsoft Workloads to AWS
Migration of Microsoft Workloads to AWS
 

Similaire à The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks

AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3Amazon Web Services
 
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...Amazon Web Services
 
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...Amazon Web Services
 
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...Amazon Web Services
 
Understanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and GovernanceUnderstanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and GovernanceAmazon Web Services
 
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...Amazon Web Services
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by designRichard Harvey
 
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Amazon Web Services
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftAmazon Web Services
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignAmazon Web Services
 
ENT304 Enabling Self Service for Data Scientists with AWS Service Catalog
ENT304 Enabling Self Service for Data Scientists with AWS Service CatalogENT304 Enabling Self Service for Data Scientists with AWS Service Catalog
ENT304 Enabling Self Service for Data Scientists with AWS Service CatalogAmazon Web Services
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Amazon Web Services
 
Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...Amazon Web Services
 
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAmazon Web Services
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Amazon Web Services
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Amazon Web Services
 
GPSTEC310_IAM Best Practices and Becoming an IAM Ninja
GPSTEC310_IAM Best Practices and Becoming an IAM NinjaGPSTEC310_IAM Best Practices and Becoming an IAM Ninja
GPSTEC310_IAM Best Practices and Becoming an IAM NinjaAmazon Web Services
 
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS Germany
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
 
Landing zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsLanding zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsAli Asgar Juzer
 

Similaire à The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks (20)

AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3
 
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
Foundations: Understanding the Critical Building Blocks of AWS Identity and G...
 
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
 
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...
Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...
 
Understanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and GovernanceUnderstanding the Critical Building Blocks of AWS Identity and Governance
Understanding the Critical Building Blocks of AWS Identity and Governance
 
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by design
 
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by Design
 
ENT304 Enabling Self Service for Data Scientists with AWS Service Catalog
ENT304 Enabling Self Service for Data Scientists with AWS Service CatalogENT304 Enabling Self Service for Data Scientists with AWS Service Catalog
ENT304 Enabling Self Service for Data Scientists with AWS Service Catalog
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
 
Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...
 
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
 
GPSTEC310_IAM Best Practices and Becoming an IAM Ninja
GPSTEC310_IAM Best Practices and Becoming an IAM NinjaGPSTEC310_IAM Best Practices and Becoming an IAM Ninja
GPSTEC310_IAM Best Practices and Becoming an IAM Ninja
 
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
 
Landing zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsLanding zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS Migrations
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Greg McConnel, Solutions Architect The Evolution of Identity and Access Management on AWS
  • 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Webinar prerequisites To get the most out of this session, you must be comfortable with several building blocks: AWS IAM Roles Policies AWS STS Long-term Access Keys Temporary Security Credentials
  • 3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evolution of Identity and Access Management on AWS Root User Users, Groups & Roles Identity Federation
  • 4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evolution of Identity and Access Management on AWS Root User
  • 5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Root User
  • 6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Root User https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
  • 7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evolution of Identity and Access Management on AWS Users, Groups & Roles
  • 8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. IAM Users/Groups/Roles
  • 9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. IAM Users/Groups/Roles
  • 10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. IAM Users/Groups/Roles LANDING ACCOUNT
  • 11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evolution of Identity and Access Management on AWS Identity Federation
  • 12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity Federation Corporate Identity Identity Provider ……
  • 13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity Federation … Directory Group definitions Providers, roles, and policies Automation
  • 14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda: * Evolution of Identity Management * Identity Federation Primer * Two Demos
  • 15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity Federation Benefits • Help manage AWS at scale (but you will need automation) • Align corporate user provisioning and de-provisioning with AWS identity and access management • Centralize entitlement management • Ease of access for users
  • 16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity Federation Benefits Before: Unique credentials Single Sign-on Long-term Access Keys Temporary Security Credentials One-off Aligned with Internal Controls Users Security Compliance After:
  • 17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda: * Evolution of Identity Management * Identity Federation Primer * Two Demos
  • 18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1 – SAML Federation with ADFS
  • 19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1: SAML-Based Identity Federation Using ADFS
  • 20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1: SAML-Based Identity Federation Using ADFS
  • 21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1: SAML-Based Identity Federation Using ADFS
  • 22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 1: SAML-Based Identity Federation Using ADFS https://aws.amazon.com/blogs/security/how-to-set-up-sso-to-the-aws-management- console-for-multiple-accounts-by-using-ad-fs-and-saml-2-0/
  • 23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 2 – AWS SSO
  • 24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 2: Identity Federation Using SSO
  • 25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo 2: Identity Federation Using SSO
  • 26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Next Steps • Lock down the Root user • Investigate identity federation using your current identity provider, a 3rd party provider or consider AWS SSO • https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_pro viders_saml_3rd-party.html • https://aws.amazon.com/single-sign-on/
  • 27. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Resources PowerShell scripts to automate SAML Federation Setup (AD FS 3.0 on Windows Server 2012 R2) https://aws.amazon.com/blogs/security/how-to-set-up-sso-to-the-aws-management-console-for-multiple-accounts-by-using-ad-fs-and-saml-2-0/ Solution to resolve issues with ADFS certificate expiration https://aws.amazon.com/blogs/security/how-to-set-up-uninterrupted-federated-user-access-to-aws-using-ad-fs/ How to install new certificates into ADFS https://blogs.technet.microsoft.com/rmilne/2016/03/21/updating-windows-server-2012-r2-adfs-ssl-and-service-certificates/ PowerShell and SAML https://aws.amazon.com/blogs/security/how-to-set-up-federated-api-access-to-aws-by-using-windows-powershell/ Troubleshooting SAML http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml.html http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml_view-saml-response.html SAML Information http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html SAML with Shibboleth https://d0.awsstatic.com/whitepapers/aws-whitepaper-single-sign-on-integrating-aws-open-ldap-and-shibboleth.pdf API/CLI Access via SAML (ADFS 2) https://aws.amazon.com/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/ API/CLI Access via SAML (ADFS 3) https://aws.amazon.com/blogs/security/how-to-implement-a-general-solution-for-federated-apicli-access-using-saml-2-0/ AWS CLI tool for getting temp creds via Identity Federation https://github.com/awslabs/awsprocesscreds Okta SAML Federation for CLI/API with MFA https://github.com/oktadeveloper/okta-aws-cli-assume-role Identity federation and AppStream 2.0 https://aws.amazon.com/blogs/compute/enabling-identity-federation-with-ad-fs-3-0-and-amazon-appstream-2-0/ 3rd Party Identity Provider Information http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html
  • 28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!