Conf42: Cloud Native 2021

...

Locking Down the Security of IAM

Josh Stella
CTO @ Fugue

Josh Stella's LinkedIn account Josh Stella's twitter account


If you use Amazon Web Services (AWS), you’re probably making extensive use of AWS Identity and Access Management (IAM). It’s a powerful service for managing access to your AWS services and resources that is almost like a new kind of network in the cloud.

But for enterprise cloud environments, AWS IAM security can become quite complex. Recent high-profile cloud-based data breaches have involved AWS IAM but cannot be chalked up to simple customer mistakes. Rather, advanced cloud misconfiguration attacks exploit IAM misconfigurations that compliance controls and security professionals often miss.

In this session, Josh will walk through some of these IAM misconfigurations, using the AWS console to demonstrate to participants how to avoid becoming a victim of cloud exploits through IAM. Josh will dig into AWS IAM and take us on a deep dive into the layers of AWS IAM and how malicious actors can exploit common misconfigurations to gain access to—and extract—data without detection.

You’ll understand how to identify AWS IAM misconfiguration vulnerabilities you’ve missed before—and how malicious actors exploit them.

In this talk, Fugue co-founder and CEO, Josh Stella digs into how AWS IAM works to help you think more critically about the security for your AWS use cases. You’ll understand how to identify AWS IAM misconfiguration vulnerabilities you may have missed before—and how malicious actors exploit them.


Awesome conferences for

Priority access to all content

Community Discord

Exclusive promotions and giveaways