Software Alternatives & Reviews

Uncomplicating cloud security — IAM (Part 2)

Recommended and mentioned products

  1. AWS Secrets Manager to Rotate, Manage, Retrieve Secrets

    Inside your accounts, you might have confidential information, such as connection strings, passwords, or secret tokens. Use a secrets management tool like AWS Secrets Manager to have a centralized repository where all the sensitive information lives. A huge benefit of using a managed service like AWS Secrets Manager is that you can then easily audit the secret usage history on AWS CloudTrail to have a clear...
  2. Manage access to multiple AWS accounts & business apps

    AWS recommends using IAM Identity Center for organizations of any size and type. In practice, though, you are likely to find the need for it only once you get into the multi-AWS account world. The service provides a comprehensive management layer built on top of the identity provider, which allows for seamless permissions and identity management across accounts and applications.
  3. Cloud Monitoring

    Once you have enforced the rule to set up MFA through your IdP, make sure to set up an AWS Config rule to ensure that your users have followed through and taken the steps to set it up. You can use one of the pre-built AWS Config MFA-based rules and get alerted via email if a user is non-compliant.
  4. Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. It scales to millions of users and supports sign-in with social identity providers and enterprise identity providers via SAML 2.0.

    We can connect a managed service like Cognito to the IdP to serve as an identity source for the users of our application.