Celidor
  • Blog
  • About
  • People
  • News
  • TALKS
  • Contact

Talk and live demo at fwd:cloudsec

24/6/2020

I'm looking forward to presenting "Centralizing identity across AWS, Azure and GCP" at fwd:cloudsec, a new, community-organised, not-for-profit conference on cloud security. The event takes place on 29 June 2020 and is free to attend online.
We begin by looking at the approaches to Identity and Organizations adopted by AWS, Azure and GCP.

Azure and GCP both use an inherently centralized model for identity:
  • Azure AD tenant and multiple Azure subscriptions (dev, test, prod …)
  • GSuite or Cloud Identity, GCP organization, multiple GCP projects (dev, test, prod …)

By default, AWS user identities are not centralized across multiple AWS accounts: each account has its own IAM, so it is possible to create separate IAM users in every account. This is definitely not recommended from a security perspective, because it is then all too easy for a leaver's credentials to remain active in one of those accounts after they have left the organization.
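
The check a practitioner would want at this point is a way to find exactly those left-behind credentials. The following is an added example, not code from the original post or talk: it parses the CSV that `aws iam get-credential-report` returns (after base64 decoding) for each account in the organization, flags console passwords and access keys that are active but unused, and lists user names that exist as separate IAM identities in more than one account, which is the symptom of non-centralized identity described above. The account IDs, user names, dates and the 90-day threshold are constructed for illustration, and the sample reports carry only the columns the code reads (the real report has more).

```python
"""Audit IAM credential reports from several AWS accounts for orphaned users.

Added example, not code from the original post. Runs offline on constructed
sample reports; account IDs, users, dates and the threshold are assumptions.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Placeholder values the credential report uses when there is no timestamp.
NO_TIMESTAMP = {"", "N/A", "no_information", "not_supported"}


def parse_ts(value):
    """Report timestamps are ISO-8601 ('Z' or '+00:00'); placeholders become None."""
    if value in NO_TIMESTAMP:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_report(account_id, csv_text, now, stale_after_days=90):
    """Return (account_id, user, reason) findings for one account's report.

    A user is flagged when a console password or access key is active but has
    never been used, or was last used more than stale_after_days ago. The
    <root_account> row is skipped: root is not a user identity to federate.
    """
    cutoff = now - timedelta(days=stale_after_days)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        if user == "<root_account>":
            continue
        creds = [("console password", row["password_enabled"], row["password_last_used"])]
        for n in ("1", "2"):
            creds.append((f"access key {n}", row[f"access_key_{n}_active"],
                          row[f"access_key_{n}_last_used_date"]))
        for name, active, last_used in creds:
            if active != "true":
                continue
            last = parse_ts(last_used)
            if last is None:
                findings.append((account_id, user, f"{name} active but never used"))
            elif last < cutoff:
                findings.append((account_id, user,
                                 f"{name} active, last used {last.date().isoformat()}"))
    return findings


def audit_organization(reports, now, stale_after_days=90):
    """Audit {account_id: csv_text} and also return users duplicated across accounts."""
    findings = []
    accounts_by_user = defaultdict(set)
    for account_id, csv_text in reports.items():
        findings.extend(audit_report(account_id, csv_text, now, stale_after_days))
        for row in csv.DictReader(io.StringIO(csv_text)):
            if row["user"] != "<root_account>":
                accounts_by_user[row["user"]].add(account_id)
    duplicated = {u: sorted(a) for u, a in accounts_by_user.items() if len(a) > 1}
    return findings, duplicated


# Constructed sample reports (assumed account IDs), trimmed to the columns used.
HEADER = ("user,arn,password_enabled,password_last_used,"
          "access_key_1_active,access_key_1_last_used_date,"
          "access_key_2_active,access_key_2_last_used_date")
SAMPLE_REPORTS = {
    "111111111111": "\n".join([HEADER,
        "<root_account>,arn:aws:iam::111111111111:root,not_supported,2020-03-01T09:00:00+00:00,false,N/A,false,N/A",
        "alice,arn:aws:iam::111111111111:user/alice,true,2020-06-22T08:15:00+00:00,true,2020-06-23T10:00:00+00:00,false,N/A",
        "bob,arn:aws:iam::111111111111:user/bob,true,2020-01-15T16:40:00+00:00,true,N/A,false,N/A",
    ]),
    "222222222222": "\n".join([HEADER,
        "<root_account>,arn:aws:iam::222222222222:root,not_supported,no_information,false,N/A,false,N/A",
        "bob,arn:aws:iam::222222222222:user/bob,false,no_information,true,2020-02-03T11:00:00+00:00,false,N/A",
        "deploy-bot,arn:aws:iam::222222222222:user/deploy-bot,false,no_information,true,2020-06-24T06:00:00+00:00,true,2019-11-02T12:00:00+00:00",
    ]),
}
NOW = datetime(2020, 6, 25, tzinfo=timezone.utc)  # assumed audit date


def run_sample():
    """Audit the constructed reports; returns (findings, duplicated_users)."""
    return audit_organization(SAMPLE_REPORTS, NOW)


if __name__ == "__main__":
    findings, duplicated = run_sample()
    for account_id, user, reason in findings:
        print(f"{account_id} {user}: {reason}")
    for user, accounts in duplicated.items():
        print(f"{user} has separate IAM users in {', '.join(accounts)}")
```

On the sample, bob is flagged in both accounts (stale password and a never-used key in one, a stale key in the other) and also appears in the duplicated-users map, while alice and the active deploy key pass; the stale second deploy key is reported on its own. Against real accounts you would fetch each report with the credential-report API from a role in every member account rather than embed it.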

There are two principal design patterns for centralizing identity across multiple AWS accounts:
  • A landing AWS account, where the user assumes roles into other accounts
  • AWS Single Sign-On (SSO) integrated with AWS Organizations

Whichever cloud provider is used, it is important to federate identity back to a single source of truth, which for larger enterprises is commonly on-premises Active Directory.

We’ll look at an organization which had IAM users created within several different AWS accounts, and no federation of identity.

As this organization was an Office 365 customer, Azure AD was already in place as the identity source for Office 365, synchronized with on-premises Active Directory.

I'll talk about my experience leading the implementation of AWS Single Sign-On (SSO) across the AWS Organization, synchronized to Azure AD, using on-premises Active Directory identities.

You’ll see a live demonstration of user synchronization and single sign-on using AWS Organizations, AWS SSO, Azure AD and Active Directory, and hear about some of the practical issues encountered in adoption across multiple AWS accounts within the enterprise.

    Author

    Paul Schwarzenberger is a Cloud Security Architect and DevSecOps specialist



Contact us via email at info@celidor.net 

© 2020 Celidor Limited. All Rights Reserved.

Celidor Limited

Company Number: 08870661
