re:Invent session SEC207
re:Invent slides here
List of handy resources here!
Are you one of the many who didn't have a chance to go to re:Invent 2019? Here's a curated list of second-half 2019 AWS Identity sessions and related blogs. Use this to help you assess if these new features are right for you! Also check out the AWS Identity keynote, where you'll hear how the identity space has evolved and how AWS is making identity, access control, and resource management easier for everyone.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAssumeRoleIfSessionNameEqualsAccessProjectSessionTagValue",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
      },
      "Action": "sts:AssumeRole",
[ACM.1] Imported ACM certificates should be renewed within 90 days of expiration
[CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-region trail
[CloudTrail.2] CloudTrail should have encryption at-rest enabled
[CodeBuild.1] CodeBuild GitHub or Bitbucket source repository URLs should use OAuth
[CodeBuild.2] CodeBuild project environment variables should not contain clear text credentials
[Config.1] AWS Config should be enabled
[EC2.1] EBS snapshots should not be public, determined by the ability to be restorable by anyone
[EC2.2] The VPC default security group should not allow inbound and outbound traffic
[EC2.3] Attached EBS volumes should be encrypted at-rest
[EFS.1] Elastic File System should be configured to encrypt file data at-rest using AWS KMS
//
// A simple example protecting the tags on IAM principals. Here, only admins with an "is_admin:true"
// tag key/value pair can modify a tag on an IAM principal.
//
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyModifyingIamAdminTag",
      "Effect": "Deny",