Identity and Access Management: Permissions and Identification

AWS Well-Architected Framework is a system used to identify the at-risk areas in your company’s infrastructure. AWS ensures your applications are using the five pillars of operational excellence, security, reliability, performance efficiency, and cost optimisation.

Why are Identity and Access Management Important?
For your cloud-based systems to operate safely, the right people must have access to the resources meant for them. Allowing users to have access, or other applications to have access, opens up the potential for security threats if the proper measures aren’t in place. Using identity management and permissions management are the two best ways to take care of human and machine security access.

Identity Management
It’s best to manage identity access in a centralised way, meaning that you use one identity provider to grant access for multiple platforms. If you need to deny access to someone (like an employee leaving the company) you can instantly revoke their ability to view sensitive information. These could include company calendars, email accounts, AWS services and more. By centralising access, it becomes easier to track and control who has permission to view and change data.

When dealing with AWS, both humans and machines require unique identities to be able to access these services. To keep track of who/what has access to which applications/information, consider grouping users who have similar security access requirements together. Thus, making it easier to manage large groups of users within an organisation because settings can be changed by group membership rather than for each individual.

Permissions Management
Permissions are essential to the second pillar of AWS Well-Architected Framework security. By creating permission boundaries and granting least privilege access, you can restrict user and administrator ability to only what is necessary.

AWS utilises attribute-based access control (ABAC) which allows you to provide access based on specific attributes called tags. Programming these tags into your management strategy ahead of time means permissions will be applied automatically as a project unfolds rather than you manually updating a policy part way through. Doing this creates an efficient way to handle multi-user and developer access while still maintaining a secure cloud-based system.

Work with WOLK
If you’re interested in improving your cloud-based security, work with WOLK. A leading partner of the AWS Well-Architected Reviews, our review process draws attention to the areas of risk in your system so you can take the necessary steps to up-level your security measures.