Automatic Least Privilege in AWS

Least privilege is a ubiquitous concept in security, but applying it is easier said than done. Permissions are complicated and tuning them doesn’t rate high on most developers’ task list. Least privilege is also a moving target, it should adjust as application scope changes, but this typically requires manual review. Fortunately there is a better way. AWS provides a wealth of data that can be used to reason about true least privilege policies.

By using this data, the security team at Netflix creates rightsized policies automatically. This talk discusses the challenges of applying least privilege and the processes and open-source tool we used to overcome them.

Travis McPeak

Travis works at Netflix on the Cloud Security team where he enjoys building automation that increases security while simultaneously boosting developer productivity. Travis is a core developer of the Bandit and Repokid open source projects and has presented at security conferences including BlackHat USA, Enigma, and re:Invent. He currently serves as the Bay Area OWASP Chapter Lead, a security advisor for startups, and a mentor for people looking to get in to security. Find Travis on twitter

Related Posts

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.