The AFP Project: secure cloud authentication for machines and humans.
When using Amazon Web Services (AWS) services from the outside AWS, there are two main authentication problems:
- Authenticating humans (employees, users, contributors etc...)
- Authenticating machines (servers, applications, clusters etc...)
At scale, the common practice to use IDentity and Access Management (IAM) users with static credentials / access keys is generally considered harmful---they are easy to loose control over and hard to rotate systematically . Hacked credentials are a sought after commodity and allow a digital adversary to perform anything from mining digital currencies  to cracking passwords.
The AWS Federation Proxy (AFP) Project , developed at ImmobilienScout24, solves the issue for both machines and humans by using a Custom Federation Broker and the Secure Token Service (STS) with IAM roles and temporary credentials. This talk introduces the project, the various components it consists of, and explains how we can use it to largely eliminate IAM users and static credentials.
- : https://99designs.com/tech-blog/blog/2015/10/26/aws-vault/
- : http://www.devfactor.net/2014/12/30/2375-amazon-mistake/
- : http://immobilienscout24.github.io/afp/
Valentin Haenel «email@example.com»
- LaTeX Beamer
- wiki2beamer (included)
- Solarized Theme for Pygments (included)
- Minted (included)
- ccBeamer (included)
All Content is...
- Copyright 2015 Immobilien Scout GmbH
- Licensed under the terms of Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)
The following dependencies are shipped with the sources:
- Wiki2beamer (file:
wiki2beamer) is licensed under Gnu Public Licence v2
- Minted (file:
minted.sty) is licensed under LaTeX Project Public License version 1.3
- ccBeamer (directory:
creative_commons/) is licensed under Creative Commons Attribution-ShareAlike 3.0