AWS Identity post re:Inforce 2019 launches, sessions, and blogs

aws-identity-post-reinforce-2019.md

Are you one of the many who didn't have a chance to go to re:Invent 2019? Here's a curated list of post re:Inforce AWS Identity sessions and related blogs. Use this to help you assess if these new features are right for you! Also check out the AWS Identity keynote, where you'll hear how the identity space has evolved and how AWS is making identity, access control, and resource management easier for everyone.

Workforce Identity

Launch announcements

• Manage access to AWS centrally for Azure AD users with AWS Single Sign-on
  • Watch the 2019 re:Invent session SEC308 or view the slides
• Improve the Security Between AWS Applications and Your Self-Managed Active Directory with Secure LDAP using AWS Managed Microsoft AD
• Increase AWS Single Sign-On security with multi-factor authentication (MFA) using authenticator apps
• Use the AWS CLI v2 preview with AWS Single Sign-on to increase developer productivity
  • Read more on the Security Blog here
• AWS Client VPN now supports Multi Factor Authentication (MFA) for Active Directory
• Amazon RDS for MySQL Supports Authentication with Active Directory
• Amazon RDS for SQL Server Now Supports Joining a Domain Across AWS Accounts and VPCs using Managed Microsoft AD

Key re:Invent sessions

• Active Directory on AWS to support Windows workloads (WIN312)

Customer Identity

Launch announcements

• Amazon Cognito User Pools service now supports case insensitivity for user aliases
• Amazon Cognito User Pools service now supports logging for all API calls with AWS CloudTrail
• Amazon Cognito now supports CloudWatch Usage Metrics
• Amazon Cognito now supports account recovery method prioritization
• Amazon Cognito now supports Sign in with Apple
  • Read more on the Security Blog here
• Amazon Cognito Increases CloudFormation Support
• Amplify CLI enables creating Amazon Cognito User Pool Groups, configuring fine-grained permissions on groups, and adding user management capabilities to applications
  • Read more on the Mobile Blog here

Access Management

Launch announcements

• Amazon S3 Access Points makes it simple to manage access at scale for applications using shared data sets on S3
  • Read more on the News blog here
• AWS IAM policy simulator now simulates permissions boundary policies
• AWS Security Token Service Now Supports AWS PrivateLink in 13 New Regions
• Introducing AWS Identity and Access Management (IAM) Access Analyzer
  • Watch the re:Invent session SEC309 or view the slides
  • Read more on the News Blog here
• Introducing Access Analyzer for Amazon S3 to review access policies
  • Read more on the Storage Blog here
• AWS Security Hub integrates with the AWS Identity and Access Management (IAM) Access Analyzer
• Simplify permissions management by using employee attributes from your corporate directory for access control
  • Read the Security and News Blog for more: - Rely on employee attributes from your corporate directory to create fine-grained permissions in AWS - New for identity federation – use employee attributes for access control in AWS - Use attribute-based access control (ABAC) with AD FS to simplify IAM permissions management
• Use IAM to share your AWS resources with groups of AWS accounts in AWS Organizations
  • Read more on the Security Blog here
• Identify unused IAM roles easily and remove them confidently by using the last used timestamp
  • Read the Security Blog for more: - Identify unused IAM roles and remove them confidently with the last used timestamp - Continuously monitor unused IAM roles with AWS Config
• Use IAM access advisor with AWS Organizations to set permission guardrails confidently
  • Read more on the Security Blog from here
• Now Add Endpoint Policies to Interface Endpoints for AWS Services

Related announcements

• Amazon Elastic File System now supports AWS Identity and Access Management for Network File System clients
• AWS CloudTrail announces CloudTrail Insights
  • Read more on the News Blog here

Key re:Invent sessions

• Getting started with AWS identity (SEC209)
  • View the slides
• Access control confidence: Grant the right access to the right things (SEC316)
  • View the slides
• Access management in 4D (SEC405)
  • View the slides

Multi-account Governance

Launch announcements

• AWS launches Tag Policies
  • Read more on the News Blog here
• Introducing AWS Config Conformance Packs
• Introducing AWS Systems Manager Explorer
• Now select resource groups as targets for AWS Systems Manager Run Command
• Now use AWS Systems Manager Maintenance Windows to select resource groups as targets
• AWS Resource Groups is Now SOC Compliant
• AWS Config now enables you to provision AWS Config rules across all AWS accounts in your organization
• Introducing Service Quotas: View and manage your quotas for AWS services from one central location
  • Read more on the Management & Governance Blog here
• AWS Control Tower is now generally available
• AWS Health enables aggregation of health events across AWS Organizations
• AWS CloudFormation StackSets introduces automatic deployments across accounts and regions through AWS Organizations

Key re:Invent sessions

• Architecting security & governance across your landing zone (SEC325)
  • View the slides
• Architect governance at enterprise scale with Goldman Sachs (MGT313)
  • View the slides