Category: Database, Security, Data, encryption, automation

By now, most security professionals are familiar with the cloud shared responsibility model. At its core, it means cloud service providers (CSPs) are responsible for the security of the cloud and customers are responsible for securing the data they put in the cloud.

To understand how to evaluate and untangle user and application permissions in AWS, let’s look at some common scenarios and concepts, including role rightsizing, role splitting, and role chaining.

Continuing with this example, the next step would be to limit the permissions of this role so it only provides access to MySQL resources, and not all resources that belong to the RDS service type.

The challenge now is to determine whether each of these two applications requires access to all of the resources defined within the role, and what type of access each one actually needs, so that the permissions can be narrowed accordingly.
