Uncomplicating cloud security — IAM (Part 2)

1

AWS Secrets Manager

Inside your accounts, you might have confidential information, such as connection strings, passwords, or secret tokens. Use a secrets management tool like AWS Secrets Manager to have a centralized repository where all the sensitive information lives. A huge benefit of using a managed service like AWS Secrets manager is that you can then easily audit the secret usage history on AWS CloudTrail to have a clear picture of who and when secrets were used.

#Identity And Access Management #Identity Provider #SSO 67 social mentions

2

Amazon SSO

AWS recommends using IAM Identity Center for organizations or any size and type. What is more likely going to be the case though is that you are only going to find the need for it once you get into the multi-AWS account world. The service provides a comprehensive management layer built on top of the Identity provider which allows for seamless permissions and identity management across accounts and applications.

#Design Tools #Multi-factor Authentication #Education 24 social mentions

3

AWS Config

Once you have enforced the rule to set up MFA through your IdP, make sure to set up an AWS Config rule to ensure that your users have followed through and taken the steps to set it up. You can use one of the pre-built AWS Config MFA-based rules and get alerted via email if a user is non-compliant.

#Cloud Infrastructure #Cloud Monitoring #Website Monitoring 17 social mentions

4

Amazon Cognito

We can connect a managed service like Cognito to the IdP to serve as an identity source for the users of our application.

#Identity Provider #SAML #Identity And Access Management 63 social mentions