New AWS::IAM::UserPolicy

Use the AWS::IAM::UserPolicy resource to specify an inline policy document that is embedded in the IAM user.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-userpolicy.html #iam #cloudformation

New AWS::IAM::RolePolicy

Use the AWS::IAM::RolePolicy resource to specify an inline policy document that is embedded in the IAM role.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-rolepolicy.html #iam #cloudformation

New AWS::IAM::GroupPolicy

Use the AWS::IAM::GroupPolicy resource to specify an inline policy document that is embedded in the IAM group.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-grouppolicy.html #iam #cloudformation

@thijs BYOD. As an organization don't build your security on physical security, or client security. Not even on network security. Security needs only to be based on logical access control, making it scalable. Provided that you can restrict access to browser-based functionality ;-)

In fact, our company is ISO27K compliant with most Ch11 and Ch13 controls not applicable ...
#IAM :)

I wonder if anyone else out there has considered using Amazon Cognito for basic AWS console access? Given the lack of APIs, and complexity of AWS SSO.

May be worth it, especially with the new WAF integration, and more flexibility for authentication? #AWS #IAM

Okay. Ordinarily, I do not rant. However, this time …

Cᴀɴ ꜱᴏᴍᴇᴏɴᴇ(ꜱ) ᴀᴛ #AWS ꜰɪx ᴛʜe #ᴏᴜᴛᴅᴀᴛᴇᴅ #ꜰʀᴇᴇ #ʟᴀʙꜱ?!?

At some junctures, instructions do not match the #AWSConsole. At others, the instructions become momentarily vague, i.e., adding users within a #IAM Identity Center without differentiating prior user dependencies or not, thereby breaking the lab continuation.

https://www.wellarchitectedlabs.com

https://github.com/awslabs/aws-well-architected-labs/blob/main/CONTRIBUTING.md

#GitHub #education #practice

At #EIC2023 one of my all time #IAM heroes, Mike Jones from #microsoft gave a wonderful presentation about the developments in digital #identity from around 2005 onwards. His slidedeck is now available from hos website at https://self-issued.info/?p=2345

#idpro #digitalidentity

Passkeys gets more traction for Passwordless Authentication by a major Google upgrade

https://www.esecurityplanet.com/applications/google-passkeys/

#digitalidentity #authentication #infosec #IAM #idpro

RT @Scaleway
#IAM (Identity Access Management) was live for 8 months at Scaleway without you realizing it! Check out this article from Olivier Cano, where he'll explain the history of IAM at Scaleway & our database implementations 👉 http://ow.ly/m93K50NW9qq

In this new multiple-MFA world, do #AWS #IAM recommend against giving users iam:DeleteVirtualMFADevice under any circumstance? The sample policies such as https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage-mfa-only.html don't include it, even with a Condition requiring (a different, since the targeted MFA would have to be deactivated before deleting) MFA.

Remember how CaptialOne got hacked? Combination of insider info, SSRF, and no native way to prevent IAM creds vended on an EC2 instance from being used outside of it (https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/).

And, four years later, here it comes: A native IAM way to prevent EC2 instance credentials exfiltration → https://aws.amazon.com/blogs/security/how-to-use-policies-to-restrict-where-ec2-instance-credentials-can-be-used-from/

Now, please for Lambda and ECS/Fargate, too!

#aws #iam #security

Secure-Access-Service-Edge

Interview mit Sysob

#AccessManagement @CatoNetworks#CloudSecurity #Cybersecurity #IAM #Identity #ITSecurity #NetworkSecurity #Netzwerksicherheit #SASE #SecureAccessServiceEdge #Security #SecurityCloud #SSE
@Sysob

https://youtu.be/GLnaAoGu2wM

Today we posted a blog about #holacracy and #IAM / #RBAC. There are some challenges in managing authorizations in non-hierarchical environments. We are working on solving some of these issues, but we're not done yet. Anyway, enjoy the read!

https://www.sonicbee.nl/en/working-holocratic-and-iam-that-doesnt-work-together-does-it/
#idpro #digitalidentity #infosec

Today we posted a blog about #holacracy and #IAM / #RBAC. There are some challenges in managing authorizations in non-hierarchical environments. We are working on solving some of these issues, but we're not done yet. Anyway, enjoy the read!

https://www.sonicbee.nl/en/working-holocratic-and-iam-that-doesnt-work-together-does-it/
#idpro #digitalidentity

I wrote a blog post about the new #NIS2 #cybersecurity directive of the #EU. The topic of #IAM (Identity and Access management) is not explicitly mentioned and I feel that this topic just needs a little extra attention

https://www.sonicbee.nl/en/nis2-needs-iam-even-though-it-is-not-mentioned/

#digitalidentity #idpro #infosec

I write a blog post about the new #NIS2 #cybersecurity directive of the #EU. The topic of #IAM (Identity and Access management) is not explicitly mentioned and I feel that this topic just needs a little extra attention

https://www.sonicbee.nl/en/nis2-needs-iam-even-though-it-is-not-mentioned/

#digitalidentity #idpro #infosec

@kurtsh yes I'm quite worried / suspicious about the future of three recently acquired #IAM vendors...

Half past 7, December 1st, delivery of the 2 Years of SonicBee.nl celebration cake 🥰
#iam consultancy

Every SaaS app user and login is a potential threat; whether it’s bad actors or potential disgruntled former associates, identity management and access control are crucial to prevent unwanted or mistaken entrances to the organization’s data and systems. Read more: https://cybersec.adaptive-shield.com/s/use-case-series-identity-and-access-management-governance-5884 #IAM

@jerry Hi Jerry, I felt so welcomed by you and the other #fediverse old-timers. Thank you. Thank you so much.
I identify myself as an #identity (as in #IAM) person, considering #infosec as a side/tangent community I can't ignore but I don't identify directly in it.
Except for when I read your post. When I read your post I feel welcome in this community and I want to be part of it.
Thank you.