Skip to content

AWS Security


AWS Security Reference Architecture AWS SRA

Policy as Code with AWS CDK and Open Policy Agent

Payment Card Industry Data Security Standard compliance


AWS IAM Anywhere

  • AWS IAM Anywhere 🌟
    • Most of us that have worked with cloud long enough has encountered hybrid cloud solutions in one way or another. I often see clients with some parts, or applications, running on-premises that need to call AWS services. I’m working with an client with an application running on-premises. The application gather data from different sources, and then upload the data files to an Amazon S3 Bucket. The data is imported and analyzed in the cloud. Up till now I needed to create an IAM User and generate long lived credentials that the on-premises part could use. That is until the recent release of IAM Anywhere.
    • IAM Anywhere rely on Public key Infrastructure (PKI) and exchange x.509 certificates for temporary AWS IAM credentials. You establish a trust between you AWS account and a Certificate Authority (CA), a trust anchor. Certificates issued by that CA can then be used to get credentials. Fields, like the Common Name (CN), in the certificate can be used as conditions in policies to limit what IAM Roles that can be assumed.

AWS Organizations

AWS Control Tower

AWS Firewalls

AWS WAF Web Application Firewall

AWS Secrets Manager

AWS Vault


Click to expand!