Thursday, January 19, 2023
AWS Service Control Policies. Setting controls on the organizational… | by Teri Radichel | Cloud Security | Jan, 2023


Setting controls on the organizational level

  • Create or select a principal that’s allowed to deploy SCPs.
  • Create or select a principal that’s allowed to manage domains (transfer, register, deregister).
  • Create an SCP that denies all but our SCP admin the ability to create, modify or delete SCPs.
  • Create an SCP to require MFA for all role assumptions for users.
  • Create an SCP that denies all but our domain administrator principal the ability to perform the Route 53 domain actions, and only in the domains account.
  • Create an SCP to deny PassRole to any user because, as noted, we currently don’t need that permission and it poses a risk. (We’re using roles with the CLI and requiring MFA.) We can restore this permission if and when we need it later.
  • Create a PermissionBoundary that only allows users to change their own password, manage their own MFA keys, or add their own developer keys. *
  • Create an SCP that denies anyone but our IAM admin the CreateUser permission, and that only allows a user to be added with the specified PermissionBoundary.
  • Limit root account actions.
  • Prevent the account from being removed from the organization to bypass the rules.
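An added example, not the author's own policy: one SCP document that sketches the PassRole, CreateUser and leave-the-organization items from the list above. The role name `ExampleIamAdminRole`, the boundary name `ExampleUserBoundary` and the account ID `111122223333` are placeholders assumed for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPassRoleForUsers",
      "Effect": "Deny",
      "Action": "iam:PassRole",
      "Resource": "*",
      "Condition": {
        "ArnLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:user/*"
        }
      }
    },
    {
      "Sid": "DenyCreateUserExceptIamAdmin",
      "Effect": "Deny",
      "Action": "iam:CreateUser",
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/ExampleIamAdminRole"
        }
      }
    },
    {
      "Sid": "DenyCreateUserWithoutBoundary",
      "Effect": "Deny",
      "Action": "iam:CreateUser",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "iam:PermissionsBoundary": "arn:aws:iam::111122223333:policy/ExampleUserBoundary"
        }
      }
    },
    {
      "Sid": "DenyLeaveOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
```

The `StringNotEquals` test also matches when no boundary is supplied at all, so a CreateUser call without the boundary is denied as well. SCPs only restrict permissions and do not apply to principals in the organization's management account, so that account needs its own IAM controls.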


