Security Services for IAM


Time: 19 hours 19 minutes
Difficulty: Intermediate
CEU/CPE: 20
Video Transcription
>> Hey, everybody and welcome back. In this lesson, we're going to be talking about security services for IAM. More specifically, it's going to be like the specific tools that we'll be covering that you can take advantage of within IAM. IAM is already a security tool in itself, or a security service, but there's specific things in there that I think you'll find pretty helpful. This is going to be a short one.

The two that I want to really talk about are the IAM credentials report and IAM access reports. What are they? The IAM credentials report is something that looks at all the user accounts that are created under a specific AWS account. When you open an AWS account and you create multiple users, this gives you a high-level view of what's there and when they were last used.

Now, quick personal story. I actually used this when I was working on a federal government project. Because when you're working under FedRAMP or NIST 800-53, there's certain requirements depending on the risk level of the Cloud environment or the project. Like if it's FedRAMP high, medium or low, there's certain requirements that actually tell you that you have to groom the accounts that have been registered with the AWS account, the various user accounts. You have to groom them and make sure that anything that has not been accessed has been deleted after a certain amount of time. For example, if a user account was created a year ago and was never used for 365 days, then the requirement could say that that particular user account must be deleted because it has not been accessed.

The reason why that's important is because we want to make sure that we're hardening our Cloud environment. Part of hardening our Cloud environment is getting rid of any points of entry that might have been forgotten about, that could be later used by a hacker or by a threat actor to come in and penetrate the environment, to steal data, to use the services maliciously, whatever it is. That's just one personal example that I saw. In this environment we had to go in, we had to clean it up. I think there were like 30 different user profiles that needed to be removed because no one had been accessing them or using them. We leveraged the IAM credential report in order to do that, which was super handy.

The IAM access report is similar in a sense. When we were talking about IAM credential reports, this was when the user profile was created and the accounts; the access report helps us determine what permissions were given to the user and when those permissions were last used. Why is this important? Because we can comb through all of our user accounts, all of our user profiles within the AWS account to help us determine the principle of least privilege for all of these accounts. This is, again, hardening our Cloud environment by making sure that users are only accessing the things that they need access to.

One way to determine this is by looking at their access patterns. If you have a user profile who's actively working in the Cloud and you see them accessing particular services, you know that they need access to that because that's what they're doing with their day job. But if they have permission to access something else, but they never access it, and you can determine that using the access report here, then it's okay to go ahead and cut it off.

Now, I do advise mentioning it to their manager, saying, "Hey, listen, Joey over here hasn't been accessing Elastic Beanstalk, but yet he has the permission for it. Can we go ahead and cut off his access because in the last 90 days he's never touched it?" Typically they'll say yes. There are times when they'll say no, and in those times it's good to always bring it up with the security team. Maybe with the higher-up manager, not the direct manager, but maybe two levels above, to raise awareness and say we might need to have a broader meeting to discuss whether or not this particular user or maybe this particular team needs to have access to other services that they do not access, but we do see it here in the access report. Just to give you some tips on how to handle that when you're hardening a Cloud environment.

This was a quick one, like I said. To summarize, we did a brief review of some security tools you can take advantage of when it comes to access controls and identity management within AWS. Hope you found this helpful. If you have any questions or you're looking to learn a little bit more, feel free to reach out. If not, I'll see you in the next lesson.
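As an added example (not part of the lesson or of any AWS tooling), here is the grooming logic the lesson describes, in Python: the 365-day idle-user rule applied to a constructed IAM credential report CSV (the real report's column names, made-up values) and the 90-day unused-permission check applied to constructed access advisor entries. The report date, the user names and the service entries are all assumptions.

```python
"""Flag idle IAM users and unused permissions, as the lesson describes (constructed data)."""
import csv
import io
from datetime import datetime, timedelta, timezone
REPORT_DATE = datetime(2023, 6, 1, tzinfo=timezone.utc)  # assumed report generation time

# Constructed excerpt using the real credential report column names; values are made up.
CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2021-01-10T09:00:00+00:00,not_supported,2023-05-30T08:00:00+00:00,false,N/A
joey,arn:aws:iam::111122223333:user/joey,2021-03-15T12:00:00+00:00,true,2023-05-31T14:22:00+00:00,true,2023-05-20T10:00:00+00:00
contractor01,arn:aws:iam::111122223333:user/contractor01,2022-02-01T00:00:00+00:00,true,no_information,false,N/A
svc-legacy,arn:aws:iam::111122223333:user/svc-legacy,2021-06-01T00:00:00+00:00,false,N/A,true,2022-04-12T03:15:00+00:00
new-hire,arn:aws:iam::111122223333:user/new-hire,2023-05-25T00:00:00+00:00,true,no_information,false,N/A
"""
def parse_time(value):
    """Return a datetime, or None for report markers such as N/A or no_information."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def stale_users(report_csv, now, max_idle_days=365):
    """Users created before the window with no sign-in or access-key use inside it."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # the root user is not groomed like IAM users
        created = parse_time(row["user_creation_time"])
        if created is None or created > cutoff:
            continue  # too new to have been idle for the whole window
        last_used = (parse_time(row["password_last_used"]),
                     parse_time(row["access_key_1_last_used_date"]))
        if not any(t is not None and t > cutoff for t in last_used):
            stale.append(row["user"])
    return stale
# Constructed access advisor entries (ServicesLastAccessed shape) for one user.
JOEY_SERVICES = [
    {"ServiceName": "Amazon S3", "LastAuthenticated": "2023-05-31T14:22:00+00:00"},
    {"ServiceName": "AWS Elastic Beanstalk", "LastAuthenticated": None},
    {"ServiceName": "Amazon EC2", "LastAuthenticated": "2023-01-15T09:00:00+00:00"},
]
def unused_services(services, now, max_idle_days=90):
    """Services the user is permitted to call but has not touched inside the window."""
    cutoff = now - timedelta(days=max_idle_days)
    return [s["ServiceName"] for s in services
            if s["LastAuthenticated"] is None
            or datetime.fromisoformat(s["LastAuthenticated"]) <= cutoff]
```

Accounts returned by stale_users are candidates for removal under the 365-day rule; services returned by unused_services are the ones to raise with the user's manager before cutting access, as the lesson suggests.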