🌟 IAM Pulse Check #16 - Happenings

Community member Bhupender Singh from Opstree kicks off a blog series introducing the fundamentals of AWS IAM, pointing out a few of the reasons why it’s such a hard domain to tackle. I look forward to his follow up articles with Terraform examples.

Revisiting this excellent article contributed by Kyler Middleton, who joined our team last week as our Cloud IAM Advocate. As a top notch community contributor, we’re excited and honored to have her on our team!

CI/CD pipelines are one of the most difficult and often overlooked implementations of IAM to get right. On one hand, the intention is for automated services to be able to perform actions in your environments. On the other hand, the level of privilege and entrypoints for escalation are vast. Here’s a great deep dive article from the team at NCC Group, covering 10 scenarios.

This article is from last year, but I just discovered it and it felt timely given the intro, so worth sharing again. Starting as an introductory piece, the focus quickly gets into exploitation paths and tools. If you’re inspired to run your own pentests, this is a great place to start.

Great technical guide from the AWS Security blog on defining ABAC permissions for federated users via AWS SSO. You can create more fine-grained permissions using directory attributes to control access to services like EC2 and Session Manager.

I’ve often thought that if I were to pick up an instrument later in life, it would be the vibraphone… assuming I have enough room in my house to fit one. The instrument has such a beautiful sound that always puts me in a trance. Top 5 vibes players in my book, and most people’s book is Bobby Hutcherson, who had a storied career on Blue Note. This one from 1967 boasts one of the coolest cover designs of the era to match the sounds. Includes an excellent cover of the Herbie Hancock classic, Maiden Voyage.