AWS re:Invent 2018: [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1)


Are you interested in becoming an IAM policy master and learning about powerful techniques for controlling access to AWS resources? If your answer is “yes,” this session is for you. Join us as we cover the different types of policies and describe how they work together to control access to resources in your account and across your AWS organization. We walk through use cases that help you delegate permission management to developers by demonstrating IAM permission boundaries. We take an in-depth look at controlling access to specific AWS regions using condition keys. Finally, we explain how to use tags to scale permissions management in your account. This session requires you to know the basics of IAM policies.

💬 Comments on the video

One of the best tutorial videos on IAM policies I've come across! If Brigid creates AWS course lessons, I'd blindly sign up for it!

Author — Mayank Agarwal


Great presentation, I was in this room at the re:Invent.

Author — Ranjeet Golkonda


Great tutorial! Please keep adding more!

Author — Lone_Warrior


Great Presentation. Would you post your slide in a gist so that we can make use of them? Thanks. J.N

Author — confused


One of the best presentations on IAM, I must say.

Author — Ganesh Bhosale


Anywhere to get those policies? Great preso.

Author — Luke J


Feedback: would be nice to link the resources at the end of the slide in the description.

Author — Fola Bolodeoku


Please how do I access the command line?

Author — Fagbamigbe Kehinde


Don't know how many people she helped pass the AWS Orgs portion of CSAP Pro haha

Author — jia chen


Brigid, at 47:30 it appears you were allowed to change 'project' = 'sneaky' to 'project' = 'dorky' to bypass restrictions on 'sneaky' project? Did I see that wrong? And at 53:20 it appears to be trivial for Casey to change his principal tag to gain access to whichever project he wants. Is there in fact something that would block a principal from changing their tag? Great deep dive - this gave me a lot more confidence with policies and conditions. Thank you.

Author — Expensive Technology


Is the slide available? The YouTube video is hard to read.

Author — Leo Y


Not to ding Brigid. She did a good job. But the only thing going through my mind as I watch this is "This is batshit crazy". Figuring out how and why access was denied shouldn't need an n dimensional truth table. I get that this has grown organically but what we have now is a monster of Frankenstein proportions.
I realize that Google has the advantage of starting out later and not making the same mistakes. And that their offering is significantly less complex than AWS. But GCP IAM is a lot simpler and easier to understand. They have also done a much better job with BigTable than DynamoDB. It's crazy that implementation details dictate how I choose partition keys. And many cross region replication are a lot more transparent.
At this point, Amazon needs to figure out how to simplify some of this stuff. IAM in particular. Otherwise, AWS is going to collapse under its own weight.

Author — os2baba


I'm guessing "is awesome" didn't show up as a name at 47:50 because tags are case sensitive? Just thought I'd point this out in case anyone else was confused like I was.

Author — mountain scott


Tech Industry: "Diversification is important and a priority for us!!"

Also tech industry: 22:21


Author — Shon M.


I don't get why she's using a whitelist SCP in her examples when almost nobody uses SCPs that way. They use blacklist SCPs

Author — PioneerX


Very bad way of teaching. Don't say you are teaching, you are just checking some folks who know already that's it.

Author — My Garden


Good presentation. Sadly, IAM is an awful product. Your average IT admin can manage this complexity.

Author — cabc74


Good info, but she really needs to stop talking to a room full of adults like they're in kindergarten.

Author — peekguyy