When operating in Amazon Web Services (AWS) it is important to understand your responsibility when it comes to security. AWS operates under a shared security responsibility model, where AWS is responsible for the security of the underlying cloud infrastructure and you, the AWS customer, are responsible for securing workloads you deploy in AWS. IT administrators and Security Officers should educate themselves on how to leverage AWS Identity and Access Management (IAM) configuration to protect access to AWS resources in a way that enhances security yet doesn’t hinder productivity.
The path to securing AWS access in the enterprise runs through securing AWS sign-in and configuring least privilege access across multiple accounts. The solution is elimination of passwords with Single Sign-On (SSO) and automated provisioning of AWS roles across all AWS accounts. This is made possible by integrating with a modern identity solution such as OneLogin’s cloud directory. The benefits are improved security by reducing risk of identity theft, an increase in productivity with faster access to applications and services, and significant savings for IT with automation and end-user self-service.
In this whitepaper we articulate the technical challenges of securing AWS access and the value proposition of an identity platform for the modern enterprise. In addition, we offer a brief introduction to OneLogin and instructions on how to create a free account.