AWS Security Blog

AWS IAM Sessions at re:Invent 2015

As I said last week, the breakout sessions for the Security & Compliance track have been announced and are shown in the re:Invent 2015 session catalog. If you are going to re:Invent 2015, you can add these sessions to your schedule now.

Today, I will highlight the AWS Identity and Access Management (IAM) sessions that will be presented as part of the Security & Compliance track.

SEC302: IAM Best Practices to Live By

In this session, AWS Principal Technical Program Manager Anders Samuelsson will cover IAM best practices, which can help improve your security posture. Anders will cover how to manage users and their security credentials. He’ll also explain why you should delete your root access keys—or at the very least, rotate them regularly. Using common use cases, Anders will demonstrate when to choose between using IAM users and IAM roles, and explain how to set permissions to grant least privilege access control in one or more of your AWS accounts.

SEC305: Become an AWS IAM Policy Ninja in 60 Minutes or Less

Are you interested in learning how to control access to your AWS resources? Have you ever wondered how best to scope down permissions to achieve least privilege access control? If your answer to these questions is “yes,” this session is for you.

IAM Intelligence Senior Manager Jeff Wierer will take an in-depth look at the IAM policy language. Jeff will start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. Diving deeper, he will explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, Jeff will cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or locking down access to Amazon EC2 instances. This session’s demonstrations will use tools such as the policy editor and policy simulator to debug policies.

SEC307: A Progressive Journey Through AWS IAM Federation Options: From Roles to SAML to Custom Identity Brokers

IAM offers a continuum of interfaces and configuration options that enables customers to integrate their unique organizational identity structure and operational processes with the AWS platform. In this session, AWS Professional Services Senior Consultant Quint Van Deman will evaluate the progressive journey of federation options that most customers go through as they widen their integration with IAM. This will include best practices, lessons learned from the field, and examples of actual customer implementations, covering technologies such as SAML, LDAP, and custom identity brokers.

SEC315: AWS Directory Service Deep Dive

AWS Directory Service enables you to create a new Active Directory domain in AWS with Simple AD or to connect your existing Active Directory domain with AD Connector. AWS Directory Service Senior Technical Product Manager Rob Moncur will show how to use these offerings to domain join and enable single sign-on (SSO) to your EC2 Windows and Linux instances, set up federated access to the AWS Management Console, and use Amazon WorkSpaces, Amazon WorkDocs, and Amazon WorkMail.

In my next post about re:Invent 2015, I will focus on the compliance sessions in the Security & Compliance track.

– Craig