Secure (and usable) multi-AWS account IAM setup

What's this blog post about?

The text discusses the management of multiple AWS accounts for security purposes. Having separate accounts can provide natural security boundaries and isolation between workloads. However, managing multiple accounts can add operational complexity. To manage this effectively, the author outlines a set of requirements that include having IAM users only in one account, limiting API access by default, requiring MFA for privilege escalation, and grouping privileged API calls together by topic. The text then provides an example implementation using IAM constructs such as users, groups, and roles to demonstrate how these requirements can be met.

Company
Datadog

Date published
Sept. 20, 2017

Author(s)
Alexis Le-Quoc

Word count
2418

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.