admin least privilege on shared cloud accounts
Post on 11-Jan-2017
TRANSCRIPT
Self Service Cloud Permissioning Approaches on AWS
Assumptions
Admin
Power
Indirect
Scope of Classifications
Limited
Amazon SNS, Amazon SQS, Amazon SES
IAM, Elastic Beanstalk
AWS CloudFormation
AWS CloudTrail, AWS Config, Amazon RDS, DynamoDB, bucket with objects
App group 1
Amazon Lambda
App group 2
App group 3, App group 4
Admin
IAM, AWS CloudTrail, AWS Config
Power
Amazon SNS, Amazon SQS, Amazon SES
Amazon RDS, DynamoDB
Amazon Lambda, Elastic Beanstalk, AWS CloudFormation
bucket with objects
App group 1, App group 2
App group 3, App group 4
Amazon SNS, Amazon SQS, Amazon SES
IAM, AWS CloudFormation
AWS CloudTrail, AWS Config, Amazon RDS, DynamoDB, Amazon Lambda
App group 2
App group 3, App group 4
Limited
App group 1
Elastic Beanstalk
bucket with objects
Amazon RDS
Amazon SNS, Amazon SQS, Amazon SES
IAM, Elastic Beanstalk
AWS CloudTrail, AWS Config, DynamoDB, bucket with objects
App group 1
Amazon Lambda
App group 2
App group 3, App group 4
Indirect
AWS CloudFormation
Execution Model
Conditions
• cloudformation:TemplateURL
• cloudformation:ResourceTypes
• cloudformation:StackPolicyURL