cloudonaut
Home Blog Podcast Books & Video Courses Support us
Subscribe

Tag iam

Defining IAM Policies with Terraform safely

Defining IAM Policies with Terraform safely

Are you still defining IAM policies using heredoc syntax (<<EOF ... EOF) or jsonencode()? You can do better! As a result, terraform validate can tell you about typos before you apply them, and you get better auto-complete support from your IDE. Re...

Read more
How to configure SAML for AWS SSO?

How to configure SAML for AWS SSO?

AWS SSO is a great way to grant engineers access to AWS accounts. By default, AWS SSO comes with a built in user database. However, it is also possible to configure identity federation via SAML. Doing so allows you to re-use existing users and groups. ...

Read more
Have you replaced IAM Users with AWS SSO yet?

Have you replaced IAM Users with AWS SSO yet?

The most secure option to isolate workloads from each other is to use multiple AWS accounts. Many organizations use different AWS accounts for testing and production, for example. The more AWS accounts you use, the more complicated it gets to manage use...

Read more
Record AWS API calls to improve IAM Policies

Record AWS API calls to improve IAM Policies

Have you ever looked at an IAM policy and wondered: Is it really necessary to grant access to this specific action? Or do you need to know which API calls a legacy or 3rd party application is actually sending to come up with a secure IAM policy? CloudTr...

Read more
Use multiple AWS accounts, but keep it simple!

Use multiple AWS accounts, but keep it simple!

Getting started with AWS is a challenge. Unlimited possibilities, competing solutions, and distractions. Even the first step to create an AWS account requires careful planning. AWS marketers promote the AWS Landing Zone solution. Consulting partners add...

Read more
Show your Tool: Parliament

Show your Tool: Parliament

In this series, we present AWS tooling from the community for the community. We talk directly with the tool makers. Who are they? What problem does the tool solve? And what motivates them to contribute to open-source AWS tooling. This time, we talk wit...

Read more
Show your Tool: Jenkins Pipeline Step Plugin for AWS

Show your Tool: Jenkins Pipeline Step Plugin for AWS

In this series, we present AWS tooling from the community for the community. We talk directly with the tool makers. Who are they? What problem does the tool solve? And what motivates them to contribute to open-source AWS tooling. This time, we talk wit...

Read more
Show your Tool: awsume

Show your Tool: awsume

In this series, we present AWS tooling from the community for the community. We talk directly with the tool makers. Who are they? What problem does the tool solve? And what motivates them to contribute to open-source AWS tooling. This time, we talk wit...

Read more
EC2 Instance Connect is an insecure default!

EC2 Instance Connect is an insecure default!

Two months before, Michael wrote about why AWS SSM is a trojan horse. Shortly after that, AWS released EC2 Instance Connect, which is even worse. If you use Amazon Linux 2 or Ubuntu, the chances are high that everyone in your AWS account can SSH into ev...

Read more
AWS SSM is a trojan horse: fix it now!

AWS SSM is a trojan horse: fix it now!

Recently, I held a security workshop together with a team of engineers. At some point, the team demonstrated how they use AWS Systems Manager (SSM) to run commands on a machine. What the team didn’t know: they enabled a backdoor that allows everyone wit...

Read more