Hands-On Workshop | Least Privilege - An Adventure in Third-Party Cloud Account Access



Many cloud-focused tools and third-party vendors require access to your organization’s cloud account. Sure, you could open up the floodgates and allow full, administrative access, but do those vendors and tools need that level of access? Most likely, no. In an age of increased supply-chain and upstream vendor compromises, we must ensure that we are limiting any and all external access to what is truly needed and nothing more. In this workshop, you will allow a third-party vendor (Blue Mountain Cyber) access to your cloud account and, in return, an automated security assessment of your AWS account will be performed. But there’s a twist: to get these results, you must first limit access to ONLY what is needed to perform this audit. Too much or too little access? No report for you!

 

Learning Objectives:

  • How to spot overly-permissive user accounts
  • How to properly establish least privilege using custom policies for IAM users
  • How to allow third-party accounts access to your AWS account with just enough access to perform their tasks
  • How to require additional conditions before external users can successfully assume a role


Who Should Attend:

  • Those brand new to AWS
  • Those new to security measures in AWS’ IAM service


Pre-requisite Knowledge:

None.


System Requirements:

  • A modern web browser, preferably Chrome
  • AWS account with root access or an IAM user with Administrator Access permissions. If you need an AWS account, you can create a free tier account with root access at https://aws.amazon.com/free/

This workshop supports both SEC388: Introduction to Cloud Computing and Security and SEC488: Cloud Security Essentials.

Speaker and Presenter Information

Ryan Nicholson

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government


Event Type
Webcast


When
Wed, Jan 17, 2024, 10:00am ET


Cost
Complimentary: $0.00




Organizer
SANS Institute

