AWS IAM Access and Elevation
by: Kenneth Winner, Trek10
Securing AWS accounts isn’t always easy. A well-established best practice for IAM is to centralize your users, either in a special “IAM only” AWS account or in a user store and SSO service outside of AWS (e.g. Active Directory or Okta), and then use cross-account roles with various access levels to access your organization’s AWS accounts. However, this does not cover defining who has access to which roles, and in which accounts/organizations.
Our solution is temporary elevation. Instead of asking for access every day for weeks, users can request the maximum time; but if they need access for only a day or a few hours, then that is what they get.
12:00p - 12:10p Introductions/Order Food
12:10p - 12:40p Presentation by Ken Winner
12:40p - 12:50p Q&A
12:50p - 1:00p Networking/Pay your Bill