eBooks & Reports

O'Reilly's Automating Security in the Cloud

Issue link: https://resources.threatstack.com/i/872576

Contents of this Issue


Page 11 of 32

Authorization—The function of specifying access rights to resources. It is the process of providing an authenticated user the ability to access an application, data set, data le, or some other object. Assigning authenticated users, the rights to use, modify, or delete items that they can access requires attention to data classication. Successful authorization requires implementation of a mechanism to validate individ‐ ual users' needs to access files and information based on a combination of role, secu‐ rity policy, and risk policy considerations. Types of security credentials in cloud You use different types of security credentials depending on how you interact with your cloud computing service. The following list summarizes the different types of security credentials and when you might use each one within a cloud computing deployment. Identity and Access Management (IAM) (user name and password)—It is used when multiple individuals or applications require access to your cloud computing account. Create unique IAM user identities. Each user can use his or her own user name and password to sign in. Name and password are required to use a service, such as send‐ ing email with an email service in cloud. CIS Benchmark recommendations - Ensure IAM Master and IAM Manager roles are in place for IAM administration and assignment of administrative permissions for other services to other roles. An IAM role with in AWS is a conceptually "a con‐ tainer of permissions resembling a user account which cannot be directly logged into, but which must instead be assumed from an existing user account which has appro‐ priate permissions to do so", in the manner of roles in Unix Role-Based Access Con‐ trol (RBAC). Since IAM is the principal point of control for service configuration access, and "control over IAM" means "control over the configuration of all other 10 | Chapter 4 Cloud Computing Foundational Security Leading Practices

Articles in this issue

view archives of eBooks & Reports - O'Reilly's Automating Security in the Cloud