the biggest disappointment I have with @awscloud IAM is that people don't use it like a dynamic system

permissions are still granted on/off, very few teams add a time component in there but they are starting to with roles

...I think there's more there

🧵☁️ #cloud #security
of course, that tweet probably gave @ben11kehoe a heart attack (sorry Ben!)

...on that note, Ben just published ANOTHER fantastic post on @awscloud IAM, he's on a roll lately

🧵☁️ #cloud #security
"Never put AWS temporary credentials in the credentials file (or env vars)—there’s a better way", by @ben11kehoe

the title says it all, but in the post he dives into the why and what might be better ways for you

ben11kehoe.medium.com/never-put-aws-…

🧵☁️ #cloud #security
"AWS IAM Permission Boundaries Has A Caveat That May Surprise You", by @ben11kehoe

the only surprise here was the limitation of "A" caveat. I guarantee there are more hidden edges in there

ben11kehoe.medium.com/aws-iam-permis…

🧵☁️ #cloud #security
"I Trust AWS IAM to Secure My Applications. I Don’t Trust the IAM Docs to Tell Me How.", by @ben11kehoe

amazing title. having just read the docs for an edge case, I took it to ❤️ & "hopefully" provided the correct answer...

ben11kehoe.medium.com/i-trust-aws-ia…

🧵☁️ #cloud #security
"AWS Authentication: Principals in AWS IAM", by @ben11kehoe

an excellent overview of all things "principals". @awscloud should just merge this one into the docs

ben11kehoe.medium.com/principals-in-…

🧵☁️ #cloud #security
all of those 👆 since the start of September

I'd say, "Slow down Ben, you're going to give yourself a heart attack" but I'm 💯 sure my opening tweet did that for you 🤣

seriously though, this type of insight is desperately needed. well done!

🧵☁️ #cloud #security

