We would love to hear your feedback about our show! Please take our survey here: https://amazonintna.qualtrics.com/jfe/form/SV_bwtyv485eGh1Jb0
AWS Supports You: Answering Your re:Post Questions on Security Identity & Compliance featured three AWS experts answering user submitted questions from the https://repost.aws/ forum to our live audience on our twitch.tv/aws channel. In this episode we give viewers an overview of how to get STS Regional endpoints in a real scenario, how to identify which Service Control Policy (SCP) is denying access to what, and how to increase the performance of fetching secrets using AWS Secrets Manager. If you have questions for our experts you can post them over on the https://repost.aws/ forum, and maybe you’ll be the topic of a future episode! This episode originally aired on September 26, 2022.
Intro 0:00
How to Get STS Regional Endpoints in a Real Scenario 01:23
How to Determine Which SCP is Denying Access to What 15:16
Increase the Performance of Fetching Secrets Using AWS Secrets Manager 25:19
Conclusions 39:37
Helpful Links:
rePost User Question 1: https://repost.aws/questions/QUSDezJc1bR6CJ2s47yMYMnQ/how-to-get-sts-regional-endpoints-in-a-real-scenario
rePost User Question 2: https://repost.aws/questions/QUPJoyz286TzKRCkGohlnqDg/rds-db-and-organizations
rePost User Question 3: https://repost.aws/questions/QUOcHHPYgZQVGzBY4VMsqv2Q/increasing-performance-of-fetching-secrets
STS docs: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
Identity providers and federation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers.html
Other services that work with IAM:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html
Using an IAM role to grant permissions to applications running on Amazon EC2 instances:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
Global Endpoints: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
Regional Endpoints: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
AWS Python SDK (Boto3): https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html
https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html
VPC Endpoints:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html
Secrets Manager pricing:
https://aws.amazon.com/secrets-manager/pricing/
How lambda pricing works:
https://docs.aws.amazon.com/whitepapers/latest/how-aws-pricing-works/aws-lambda.html
Rotate AWS Secrets Manager Secrets
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
Rotate DB Credentials
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-db.html
Caching Data with AWS Lambda extensions:
https://aws.amazon.com/blogs/compute/caching-data-and-configuration-settings-with-aws-lambda-extensions/
Securely Retrieving secrest with AWS Lambda:
https://aws.amazon.com/it/blogs/compute/securely-retrieving-secrets-with-aws-lambda/
Secrets Manager Caching Libraries:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
Secrets Manager Rotation Strategies:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html
https://docs.aws.amazon.com/organizations/latest/userguide/org_troubleshoot_policies.html
Subscribe:
More AWS videos – http://bit.ly/2O3zS75
More AWS events videos – http://bit.ly/316g9t4
ABOUT AWS
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.
#AWS #AmazonWebServices #CloudComputing
