Published in Cloud Security

Resource, IAM, and Trust Policies on AWS

ACM.24 Architecting defense-in-depth AWS policies.

  • Run a CloudFormation script to create an access key ID and secret access key for our IAM user
  • Run a CloudFormation script to create a Secrets Manager secret
  • Assign the KMS encryption key in our CloudFormation script to the Secrets Manager secret and store the secret value
  • Retrieve a specific secret from Secrets Manager
  • Decrypt the secret
  • If we create a single-purpose batch job or Lambda function, we can limit its access to a specific secret and KMS key.
  • Will this role have access to all the credentials needed to start a batch job, or will we create a separate role and function for each job?
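The steps above pin one job to one secret and one KMS key, and the title names the three policy types that have to agree for that to hold. As an added example (not code from the article or from the ACM series), the Python below builds those three documents for a single-purpose Lambda role: the trust policy (who may assume the role), the identity policy (one secret, one key, and the key usable only through Secrets Manager), and the secret's own resource policy (allow the job role, deny everyone else). It then lints each document for the wildcards that would quietly undo the layering. The region, account ID, secret name, key ID and role name are placeholder assumptions; the rendered JSON is what you would drop into the template's AWS::IAM::Role, AWS::IAM::Policy and AWS::SecretsManager::ResourcePolicy resources.

```python
import json

# Placeholder values (assumptions for this example, not from the article).
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
SECRET_NAME = "batch/job1/db"
KEY_ID = "11111111-2222-3333-4444-555555555555"
ROLE_NAME = "batch-job1-role"


def targets(region=REGION, account_id=ACCOUNT_ID, secret_name=SECRET_NAME,
            key_id=KEY_ID, role_name=ROLE_NAME):
    """ARNs for the single secret, key and role this job is allowed to touch.
    Secrets Manager appends a random 6-character suffix to secret ARNs, so the
    secret is matched as <name>-* rather than by an exact ARN."""
    return {
        "secret": f"arn:aws:secretsmanager:{region}:{account_id}:secret:{secret_name}-*",
        "key": f"arn:aws:kms:{region}:{account_id}:key/{key_id}",
        "role": f"arn:aws:iam::{account_id}:role/{role_name}",
        "via_service": f"secretsmanager.{region}.amazonaws.com",
    }


def trust_policy(account_id=ACCOUNT_ID):
    """Layer 1, who may assume the role: only the Lambda service, and only on
    behalf of a function in this account (confused-deputy guard)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:SourceAccount": account_id}},
    }]}


def identity_policy(t):
    """Layer 2, what the role may do: read one secret and decrypt with one key,
    and the key is usable only through Secrets Manager (kms:ViaService), so a
    leaked credential cannot call kms:Decrypt on arbitrary ciphertext."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ReadOneSecret", "Effect": "Allow",
         "Action": "secretsmanager:GetSecretValue", "Resource": t["secret"]},
        {"Sid": "DecryptViaSecretsManagerOnly", "Effect": "Allow",
         "Action": "kms:Decrypt", "Resource": t["key"],
         "Condition": {"StringEquals": {"kms:ViaService": t["via_service"]}}},
    ]}


def secret_resource_policy(t):
    """Layer 3, attached to the secret itself: allow the job role and deny
    GetSecretValue to every other principal, so an over-broad identity policy
    granted elsewhere in the account does not quietly reach this secret.
    The Deny also binds administrators; list a break-glass role in
    ArnNotEquals if one is needed."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowJobRole", "Effect": "Allow",
         "Principal": {"AWS": t["role"]},
         "Action": "secretsmanager:GetSecretValue", "Resource": "*"},
        {"Sid": "DenyEveryoneElse", "Effect": "Deny", "Principal": "*",
         "Action": "secretsmanager:GetSecretValue", "Resource": "*",
         "Condition": {"ArnNotEquals": {"aws:PrincipalArn": t["role"]}}},
    ]}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def overly_broad(policy, kind):
    """Lint for wildcards that would collapse the layering. kind is 'identity'
    (checks Action/Resource) or 'principal' (trust and resource policies:
    checks for an unconditioned Principal '*'). Returns a list of findings;
    an empty list means the policy is as tight as the steps above intend."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st["Effect"] != "Allow":
            continue  # a Deny with '*' is the guard rail, not the leak
        if kind == "identity":
            for act in _as_list(st["Action"]):
                if act == "*" or act.endswith(":*"):
                    findings.append(f"statement {i}: wildcard action {act}")
            if "*" in _as_list(st.get("Resource", [])):
                findings.append(f"statement {i}: wildcard resource")
        else:
            p = st.get("Principal", {})
            values = [p] if isinstance(p, str) else [
                v for vs in p.values() for v in _as_list(vs)]
            if "*" in values and "Condition" not in st:
                findings.append(f"statement {i}: unconditioned wildcard principal")
    return findings


if __name__ == "__main__":
    t = targets()
    for name, pol, kind in [("trust", trust_policy(), "principal"),
                            ("identity", identity_policy(t), "identity"),
                            ("resource", secret_resource_policy(t), "principal")]:
        print(f"# {name} policy, findings: {overly_broad(pol, kind)}")
        print(json.dumps(pol, indent=2))
```

The point of emitting all three from one set of targets is the question in the last bullet: one role per job means one `targets()` call per job, and the linter catches the moment someone widens a Resource to `*` to make several jobs share a role.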
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Request services via LinkedIn: Teri Radichel or IANS Research

Teri Radichel

Cloud Security Training and Penetration Testing | GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN | AWS Hero | Infragard | IANS Faculty |