Amazon Web Services
In this AWS re:Invent 2022 session, Eric Brandwine, a distinguished engineer with the Amazon Security team, delves into the complex world of API request authentication at AWS. He explores the evolution of AWS's authentication systems, from early challenges in 2006 to the current state-of-the-art solutions handling over half a billion requests per second. Brandwine explains the intricacies of cryptographic protocols, the development of AWS Signature Version 4, and the innovative use of HMAC for key specialization. He also discusses the creation of short-term credentials and the Security Token Service, highlighting AWS's commitment to security, scalability, and least-privilege access. This talk provides a fascinating look into how AWS has tackled the immense challenge of securely authenticating trillions of daily requests across its global infrastructure.