🍪IAM Access Analyzer has a new treat for all you permission setters out there in #AWS land.🍪Now, Access Analyzer generates policies based on your CloudTrail activity. (1/11)
amzn.to/3wzIJlR
We all know that when you start building in development, you probably start with broader permissions since you may not know what you need...yet. But you need to shrink those permissions as you move to production. For this part, you can call on Access Analyzer! (2/11)
🔍After you’ve run your workload. You give us the role for your workload, your CloudTrail trail, and a date range. Then Access Analyzer does what it does best...analyzes! 🔍 (3/11)
Access Analyzer generates a policy with action-level permissions for 16 rather popular services. Such as EC2, Lambda, IAM, and S3. For the others, we tell you if the service was used and you can specify the actions. (4/11)
We are actively working on generating action-level policies across more services. Stay tuned! (5/11)
Okay so now that you know what it does. Here are my top 5⃣ reasons why this is a big deal for permissions in AWS. Here we go! (6/11)
1⃣ Access Analyzer generates fine-grained policies guiding you to set least privilege permissions based on what you actually need. (7/11)
2⃣ Policies adhere to the IAM policy language for each AWS service. You can request policies that include resource level templates. This makes it easier to specify resource-level permissions. (8/11)
3⃣Access Analyzer does the heavy lifting🏋️‍♀️for you to analyze what you actually need based on your CloudTrail activity. This helps you get to the right permissions sooner and at no additional cost. (9/11)
4⃣Customers tell us they want to “shrink wrap” their permissions. Access Analyzer now sets you up for success to do this for your workloads. (10/11)
5⃣Access Analyzer now helps you generate fine-grained policies, validate policies, and review public and cross account access. We got your back each step of the way! 👏👏👏
Congrats to the team! 🥳🎉🍾
