ππ Oh hey there!
This repo is created to pair with CloudSecNext 2022 presentation titled "Zero Trust: Building IAM with Terraform"
AWS IAM (Identity and Access Management) is the foundation of zero-trust security. These policies go far beyond users, policies, and roles, and additionally control almost every interaction within and among services and resources in the cloud.
Despite this, IAM policies are JSON free-form fields, and can be complicated, even for experienced engineers. This can lead to security failures and difficulties with implementing real-world zero-trust environments.
This repo illustrated several methods of taking a very simple input and building complex, fraught IAM policies with minimal typo risk. It builds 1141 lines of policies based on 52 lines of simple map input, perfect for future admins to easily update.
I fully advocate any team that manages critical or compliant data to use this method to build S3 policies, rather than building them by hand. Your CIA will thank you.
I can be found online @KyMidd on twitter and at https://kyler.omg.lol for everything else.
