AWS re:Invent 2019: Managing user permissions at scale with AWS SSO (SEC308)

Показать описание

AWS Organizations and AWS Single Sign-On (SSO) shifted the AWS cloud management model from separate accounts with unique identities to hierarchical accounts with common identities. Together they provide a simpler model to manage access within an account hierarchy, while providing users a portal from which to access their assigned accounts and roles. This session explains the latest AWS SSO security and administration features and best practices for managing permissions at scale, whether you administer your identities in AWS SSO or in Active Directory.

Рекомендации по теме

Комментарии

This video is a MUST WATCH for AWS SSO. So good.

anjalivas

Great presentation, well structured, connecting all the AWS SSO features in a meaningful way.

MatijaGrcic

Excellent presentation, both contents and delivery. Thank you

yustiono

Hi guys... great session and nice to see this offering moving forwards. Is there any movement on the cli & API automation for permission sets? I think Ron referred to them as the entitlement API. This is key to SSO being feasible for large organizations.

jamiet

Maybe it's just me, but I found the part around defining permissions in AWS was just quickly passed. You bring in the Azure accounts and permissions and I assume for these permissions you can then map these to one or more IAM policies is that correct? It seems like the last bit in that permission screen was skipped and only briefly mentioned in a sentence.

nexus

With respect to AWS SSO with Microsoft AD domain services part of the session, let me know if there is any other source for more details on it. would like to get more understanding and practical implementation of it

gauravwadhwa

52:03 How does Cognito come into play
thank you Ron Cully

anjalivas

AWS re:Invent 2019: Managing user permissions at scale with AWS SSO (SEC308)

AWS re:Invent 2019: Managing user permissions at scale with AWS SSO (SEC308)

AWS re:Invent 2019: [REPEAT 1] How to ensure configuration compliance (MGT303-R1)

AWS re:Invent 2019: [REPEAT 1] Access management in 4D (SEC405-R1)

AWS re:Invent 2019: [REPEAT 1] The right AWS network architecture for the right reason (NET320-R1)

AWS re:Invent 2019: [REPEAT] Scaling up to your first 10 million users (ARC211-R)

AWS re:Invent 2019: Provable access control: Know who can access your AWS resources (SEC343-R)

AWS re:Invent 2018: Centrally Monitoring Resource Configuration & Compliance (ENT332-R1)

AWS re:Inforce 2019: The Fundamentals of AWS Cloud Security (FND209-R)

Get started with Amazon DynamoDB global tables & improve resiliency | The Data Dive on AWS OnAir...

AWS re:Invent 2019: Leadership session: AWS identity (SEC207-L)

AWS re:Invent 2019: Maintaining security and availability on the unpredictable internet (NET313)

AWS re:Invent 2019: [REPEAT 1] Moving to event-driven architectures (SVS308-R1)

AWS re:Invent 2019: [REPEAT] Active Directory on AWS to support Windows workloads (WIN312-R)

AWS re:Invent 2017: [REPEAT] Serverless Authentication and Authorization: Identity M (SRV403-R)

AWS re:Invent 2019: [REPEAT 1] Getting started with AWS identity (SEC209-R1)

AWS re:Invent 2019: Roadmaps for containers, application networking & Amazon Linux at AWS (CON21...

AWS re:Invent 2019: More data science with less engineering: ML infrastructure at Netflix (NFX201)

AWS re:Invent 2018: [REPEAT 1] Scaling Up to Your First 10 Million Users (ARC205-R1)

AWS re:Invent 2018: How Vanguard Matured IAM Controls to Support Micro Accounts (SEC324)

AWS re:Invent 2019: How Facebook deployed Amazon WorkSpaces globally (EUC404)

AWS re:Invent 2019: [REPEAT 1] Networking best practices for serverless applications (SVS404-R1)

AWS re:Invent 2019: Delight your customers with ML-based personalized recommendations (AIM323)

AWS re:Invent 2019: [REPEAT] Best practices for Amazon S3 (including storage classes) (STG302-R)

AWS re:Invent 2019: [REPEAT 1] Achieving security goals with AWS CloudHSM (SEC305-R1)