Jan 23, 2022

🌟 IAM Pulse Check #17 - Somethin' Else

By Ivan Dwyer • Issue #17 • View online

Hey folks,

If you’re like me, any time you’re in authoring mode – whether code or content – the first thing you do is spend a good portion of time staring blankly at your screen thinking about where to start. Take this newsletter for instance… I’m 20 minutes in already.

Authoring custom IAM policies can be tedious. There’s a lot of information gathering, documentation referencing, and contextual understanding before even getting to your editor. A key goal for the content we’ve been creating and curating is to be a helper for the cloud engineering role as a whole, with a specific focus on IAM. That, of course, includes authoring mode.

To bring somethin’ else to the community, we introduced a new feature to our site this week, the IAM Policy Catalog – a browsable and searchable index of member contributed IAM Policy documents, filtered by providers and services. When it’s time for you craft a custom policy, browse the catalog to see if there’s an example you can borrow. Or if you have a bunch of tips & tricks up your sleeve, you can add your own examples to the catalog. We aim to build a comprehensive catalog of customizable policies that hit any use case, so you can quickly get on your way.

As the examples trickle in from the community, I’ll add highlights to this newsletter. Hopefully we can help save you some time and energy!

Cheers,

Ivan

Reminder - we’re running a survey to help drive our content and programs for the year. We’d love your perspective!

IAM checking these out...

IAM Legend - Visual Studio Marketplace

This is so cool! With thousands of possibilities, forget memorizing every possible AWS IAM action. Most of us have reference docs bookmarked, but when you’re in your IDE, it’s a pain to constantly hop back and forth. IAM legend Sebastian Bille publishing a VSCode plugin to autocomplete actions. It’s called, wait for it, IAM Legend.

marketplace.visualstudio.com • Share

AWS IAM Getting Started — CLOUD SECURITY PODCAST - TOP RANKED CYBER SECURITY PODCAST

Readers of this newsletter will be familiar with Ian McKay - AWS Community Hero with a suite of helpful open source tools to help you work with IAM, including IAM Dataset and permissions.cloud. Here he joins the Cloud Security Podcast to give a full picture of AWS IAM, and what it takes to get it right in practice. Great listen, great recommendations.

www.cloudsecuritypodcast.tv • Share

GitHub - Frichetten/SneakyEndpoints: Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints

Nick Frichette of Hacking the Cloud fame published a very clever exploit that gets around a recent improvement to AWS GuardDuty. The short of it is that GuardDuty will now notify you of EC2 credentials being used outside of AWS – but this trick gets around that notification by using VPC endpoints. So close.

github.com • Share

Securing GitHub organizations. If your security team is concerned… | by Alex Smolen | Jan, 2022 | Medium

Alex Smolen from LaunchDarkly is an excellent writer, sharing practical advice in an easy to follow way. While not directly related to IAM, his latest piece about securing GitHub organizations does apply to Infrastructure as Code shops as the service accounts tied to CI/CD pipelines should really follow least privilege access as best you can.

alsmola.medium.com • Share

IAM listening to this...

Cannonball Adderley – Somethin' Else (1959, Vinyl) - Discogs

I keep landing at my Blue Note collection for these newsletters – nothing wrong with that. One of the gems of the catalog has to be Somethin’ Else from Cannonball Adderley, featuring quite the cast including Miles Davis, Sam & Hank Jones (no relation), and Art Blakey. Their take on Autumn Leaves is the best version I’ve heard, and the whole album is a strong listen from start to finish. Originally released on Blue Note in 1958, my copy is a second mono edition from 1959. There’s a few identifying markers across the history of the label to know which edition one is, but I try not to get too obsessive over it despite usually being a stickler for original pressings. Just like least privilege access, there’s a “good enough” when it comes to Blue Note.

www.discogs.com • Share

From the depths of my personal collection

Did you enjoy this issue?

By Ivan Dwyer

Quick bite commentary and curation to help wrangle the complexities of cloud operations & security. Also puns and tunes.

Tweet

Share

In order to unsubscribe, click here.

If you were forwarded this newsletter and you like it, you can subscribe here.

Okta Inc. 100 1st St. San Francisco, CA 94105.