
Least privilege using infrastructure as code


    Title: Least privilege using infrastructure as code

    Security teams in the cloud are faced with an overwhelming amount of information to process in order to keep their environments secure. Keeping up with everything manually is a difficult, never-ending task where failure can have high consequences. Permissions management can be a time-consuming task, and as a security engineer, you’d often ask yourself “who should have access to what?”, “who has accessed it in the past?” and “Is it OK to remediate those excessive permissions or would it cause downtime?”.

    In this talk, we will demonstrate a method to automatically secure a live AWS IAM environment to a specific, less-permissive role that best fits the access pattern using the open-source tool: . At the end of the talk, we will have a result in Terraform code with a much smaller attack surface and reduced risk.




    Speaker(s): Nimrod Kor

    Location: Cloud Vlg


    Event starts: 2020-08-08 11:00 (11:00 AM) PDT (UTC -07:00)

    Event ends: 2020-08-08 11:45 (11:45 AM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-08T05:42 (UTC).
    Last edited by aNullValue; August 8, 2020, 00:18.