Admin Least Privilege on Shared Cloud Accounts
Uploaded by: roundarchuser
Category: Software
Transcript of Admin Least Privilege on Shared Cloud Accounts
Self Service Cloud Permissioning Approaches on AWS
Assumptions
Scope of Classifications
• Admin
• Power
• Indirect
• Limited
Admin (diagram)
Labels: Amazon SNS, Amazon SQS, Amazon SES, IAM, Elastic Beanstalk, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon RDS, DynamoDB, bucket with objects, Amazon Lambda; App group 1, App group 2, App group 3, App group 4
Power (diagram)
Labels: IAM, AWS CloudTrail, AWS Config; Amazon SNS, Amazon SQS, Amazon SES, Amazon RDS, DynamoDB, Amazon Lambda, Elastic Beanstalk, AWS CloudFormation, bucket with objects; App group 1, App group 2, App group 3, App group 4
Limited (diagram)
Labels: Amazon SNS, Amazon SQS, Amazon SES, IAM, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon RDS, DynamoDB, Amazon Lambda; App group 2, App group 3, App group 4; App group 1, Elastic Beanstalk, bucket with objects
Indirect (diagram)
Labels: Amazon RDS, Amazon SNS, Amazon SQS, Amazon SES, IAM, Elastic Beanstalk, AWS CloudTrail, AWS Config, DynamoDB, bucket with objects, Amazon Lambda; App group 1, App group 2, App group 3, App group 4; AWS CloudFormation
Execution Model
Conditions
• cloudformation:TemplateURL
• cloudformation:ResourceTypes
• cloudformation:StackPolicyURL