AWS Bites

134. Eliminate the IAM User

Listen Later

In this episode, we discuss why IAM users and long-lived credentials are dangerous and should be avoided. We share war stories of compromised credentials and overprivileged access. We then explore solutions like centralizing IAM users, using tools like AWS Vault for temporary credentials, integrating with AWS SSO, and fully eliminating IAM users when possible.


💰 SPONSORS 💰

AWS Bites is brought to you by fourTheorem. If you are looking for a partner to architect, develop and modernise on AWS, give fourTheorem a call. Check out ⁠⁠https://fourtheorem.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.


In this episode, we mentioned the following resources:

  • Episode 118 "The landing zone: Managing multiple AWS accounts": https://awsbites.com/118-the-landing-zone-managing-multiple-aws-accounts/
  • Episode 96: "AWS Governance and Landing Zone with Control Tower, Org Formation, and Terraform" https://awsbites.com/96-aws-governance-and-landing-zone-with-control-tower-org-formation-and-terraform/
  • Datadog Security Report (IAM stats): https://www.datadoghq.com/state-of-cloud-security/
  • Credentials provider chain in the JavaScript SDK: https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-credentials-node.html
  • Credentials provider chain in the AWS CLI: https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-authentication.html
  • Episode 45 "What’s the magic of OIDC identity providers?": https://awsbites.com/45-what-s-the-magic-of-oidc-identity-providers/
  • Episode 112 "What is a Service Control Policy (SCP)?": https://awsbites.com/112-what-is-a-service-control-policy-scp
  • Episode 115 "What can you do with Permissions Boundaries?": https://awsbites.com/115-what-can-you-do-with-permissions-boundaries/


    • Do you have any AWS questions you would like us to address?

    Leave a comment here or connect with us on X, formerly Twitter:
    - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠
    - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

    ...more
    View all episodesView all episodes
    Download on the App Store
    AWS BitesBy AWS Bites
    • 4.6
    • 4.6
    • 4.6
    • 4.6
    • 4.6

    4.6

    11 ratings

    More shows like AWS Bites

    View all
    Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

    Software Engineering Radio - the podcast for professional software developers

    272 Listeners

    The McKinsey Podcast by McKinsey & Company

    The McKinsey Podcast

    378 Listeners

    Planet Money by NPR

    Planet Money

    30,734 Listeners

    The Changelog: Software Development, Open Source by Changelog Media

    The Changelog: Software Development, Open Source

    284 Listeners

    Thoughtworks Technology Podcast by Thoughtworks

    Thoughtworks Technology Podcast

    41 Listeners

    Talk Python To Me by Michael Kennedy

    Talk Python To Me

    585 Listeners

    Software Engineering Daily by Software Engineering Daily

    Software Engineering Daily

    624 Listeners

    The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence) by Sam Charrington

    The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)

    435 Listeners

    AWS Podcast by Amazon Web Services

    AWS Podcast

    202 Listeners

    Data Engineering Podcast by Tobias Macey

    Data Engineering Podcast

    140 Listeners

    Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

    Kubernetes Podcast from Google

    183 Listeners

    The Real Python Podcast by Real Python

    The Real Python Podcast

    138 Listeners

    Big Technology Podcast by Alex Kantrowitz

    Big Technology Podcast

    453 Listeners

    The AWS Developers Podcast by Amazon Web Services

    The AWS Developers Podcast

    22 Listeners

    The Pragmatic Engineer by Gergely Orosz

    The Pragmatic Engineer

    62 Listeners