Resource, IAM, and Trust Policies on AWS
ACM.24 Architecting defense in depth AWS policies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.
🔒 Related Stories: AWS Security | Cloud Security Architecture | IAM
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We’ve been using a lot of different AWS policies in this series — trust policies on roles, KMS Key policies, and policies assigned to users, roles, and groups.
In our last post we created the KMS key and a key policy that defines who can access and perform actions with or on that KMS key.
We also allowed an IAM role to administer our key and we granted a user permission to assume and use that role for administration.
When you design your AWS policies, you need to consider the implications of how the different policies you can create work together. Using different policies managed by different people leverages the concept of separation of concerns or segregation of duties…
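To make the layering concrete, here is an added example (not code from the original post or from the series' repository) that models the three policy documents just described: the KMS key policy that lets an IAM role administer the key, the role's trust policy that lets a user assume it, and the identity policy on that user granting sts:AssumeRole. It then walks the chain to show that access to the key only works when all three layers agree. The account ID, ARNs, key ID and role/user names are constructed placeholders, and the evaluator is a deliberately simplified model of IAM (no Deny, Condition, NotAction or cross-account handling), so it is a design aid, not a substitute for the IAM policy simulator.

```python
import fnmatch
import json

# All identifiers below are constructed placeholders, not values from the post.
ACCOUNT_ID = "123456789012"
KEY_ADMIN_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/KMSKeyAdminRole"
KEY_ADMIN_USER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:user/key-admin"
KEY_ARN = f"arn:aws:kms:us-east-1:{ACCOUNT_ID}:key/PLACEHOLDER-KEY-ID"

# Administrative actions only; no kms:Encrypt/Decrypt, so the admin role
# can manage the key without being able to use it (segregation of duties).
KEY_ADMIN_ACTIONS = [
    "kms:DescribeKey", "kms:EnableKey", "kms:DisableKey",
    "kms:PutKeyPolicy", "kms:ScheduleKeyDeletion",
]


def key_policy(admin_role_arn=KEY_ADMIN_ROLE_ARN):
    """Resource policy attached to the KMS key: which principal may administer it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowRoleToAdministerKey",
            "Effect": "Allow",
            "Principal": {"AWS": admin_role_arn},
            "Action": KEY_ADMIN_ACTIONS,
            "Resource": "*",  # inside a key policy "*" means this key only
        }],
    }


def trust_policy(user_arn=KEY_ADMIN_USER_ARN):
    """Trust policy on the role: which principal may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowKeyAdminUserToAssumeRole",
            "Effect": "Allow",
            "Principal": {"AWS": user_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def user_policy(role_arn=KEY_ADMIN_ROLE_ARN):
    """Identity policy on the user: permission to call AssumeRole on that one role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowAssumeKeyAdminRole",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": role_arn,
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def statement_allows(stmt, action, resource, principal=None):
    """Simplified evaluation of one Allow statement (no Deny/Condition/NotAction)."""
    if stmt.get("Effect") != "Allow":
        return False
    if principal is not None:  # resource-based policies name a Principal
        trusted = _as_list(stmt.get("Principal", {}).get("AWS", []))
        if principal not in trusted and "*" not in trusted:
            return False
    actions = _as_list(stmt.get("Action", []))
    if not any(fnmatch.fnmatchcase(action, pattern) for pattern in actions):
        return False
    # Trust policies carry no Resource element; the role itself is implied.
    resources = _as_list(stmt.get("Resource", "*"))
    return any(fnmatch.fnmatchcase(resource, pattern) for pattern in resources)


def policy_allows(policy, action, resource, principal=None):
    return any(statement_allows(s, action, resource, principal)
               for s in policy["Statement"])


def check_chain(user_arn, role_arn, key_arn, user_pol, trust_pol, key_pol,
                action="kms:PutKeyPolicy"):
    """Walk user -> role -> key; return the layers that break the chain (empty = OK)."""
    problems = []
    if not policy_allows(user_pol, "sts:AssumeRole", role_arn):
        problems.append("user's identity policy does not allow sts:AssumeRole on the role")
    if not policy_allows(trust_pol, "sts:AssumeRole", "*", principal=user_arn):
        problems.append("role trust policy does not name the user as a trusted principal")
    if not policy_allows(key_pol, action, key_arn, principal=role_arn):
        problems.append(f"key policy does not allow {action} for the role")
    return problems


if __name__ == "__main__":
    for name, doc in (("key policy", key_policy()),
                      ("trust policy", trust_policy()),
                      ("user policy", user_policy())):
        print(f"--- {name} ---\n{json.dumps(doc, indent=2)}")
    print("chain problems:", check_chain(KEY_ADMIN_USER_ARN, KEY_ADMIN_ROLE_ARN, KEY_ARN,
                                         user_policy(), trust_policy(), key_policy()))
```

Running it prints the three documents and an empty problem list; change the user ARN in `trust_policy()` or drop `kms:PutKeyPolicy` from the key policy and `check_chain()` reports exactly which layer now blocks the operation, which is the point of keeping the layers under separate ownership: no single policy editor can grant themselves end-to-end access to the key.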