47. Permissions Management in AWS
• Innovation is enabled by composition of multiple services, but . . .
• Complex and sophisticated policy language with many conditions
• 2500+ individual API calls
• New services/features released weekly
61. Dirty Laundry’s Approach
• Unix-like philosophy - execute task, return results, process, iterate
• Example: find all new ELBs, run a basic security scan against them, return results
• Example: for all Netflix employees with GitHub accounts, search their public repos for security issues, return results
76. Takeaways
• Security teams can leverage the high-velocity development ecosystem
• Shared history provides both lessons and input to development
• Use engineering native workflows
• Strive to make security more integrated and ubiquitous while also improving other system characteristics