AWS re:Invent 2018: [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1)

  • 🎬 Video
  • ℹ️ Description
Invalid campaign token '7mSKfTYh8S4wP2GW'
AWS re:Invent 2018: [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) 5
Are you interested in becoming a IAM policy master and learning about powerful techniques for controlling access to AWS resources? If your answer is “yes,” this session is for you. Join us as we cover the different types of policies and describe how they work together to control access to resources in your account and across your AWS organization. We walk through use cases that help you delegate permission management to developers by demonstrating IAM permission boundaries. We take an in-depth look at controlling access to specific AWS regions using condition keys. Finally, we explain how to use tags to scale permissions management in your account. This session requires you to know the basics of IAM policies.

Download — AWS re:Invent 2018: [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1)

Download video
💬 Comments on the video

One of the best presentation on IAM, I must say

Author — Ganesh Bhosale


Please how do I access the command line?

Author — Fagbamigbe Kehinde


Great presentation, I was in this room at the re:Invent.

Author — Ranjeet Golkonda


Anywhere to get those policies? Great preso.

Author — Luke J


Brigid, At 47:30 it appears you were allowed to change 'project' = 'sneaky' to 'project' = 'dorky' to bypass restrictions on 'sneaky' project? Did I see that wrong? And at 53:20 it appears to be trivial for Casey to change his principal tag to gain access to whichever project he wants. Is there in fact something that would block a principal from changing their tag? Great deep dive - this gave me a lot more confidence with policies and conditions. Thank you.

Author — Expensive Technology


dont know how many people she help pass the aws orgs portion of csap pro haha

Author — jia chen


Feedback: would be nice to link the resources at the end of the slide in the description.

Author — Fola Bolodeoku


I don't get why she's using a whitelist SCP in her examples when almost nobody uses SCPs that way. They use blacklist SCPs

Author — PioneerX


Good presentatio. Sadly, IAM is an awful product. Your average IT admin can manage this complexity.

Author — cabc74


Good info, but she really needs to stop talking to a room full of adults like they're in kindergarten.

Author — peekguyy