Self Service Cloud Permissioning Approaches on AWS
Assumptions
Scope of Classifications
[Diagram labels: Admin, Power, Indirect, Limited; Amazon SNS, Amazon SQS, Amazon SES, IAM, Elastic Beanstalk, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon RDS, DynamoDB, bucket with objects, Amazon Lambda; App groups 1 to 4]
[Diagram labels, in order: Admin; IAM, AWS CloudTrail, AWS Config; Power; Amazon SNS, Amazon SQS, Amazon SES, Amazon RDS, DynamoDB, Amazon Lambda, Elastic Beanstalk, AWS CloudFormation, bucket with objects; App groups 1 to 4]
[Diagram labels, in order: Amazon SNS, Amazon SQS, Amazon SES, IAM, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon RDS, DynamoDB, Amazon Lambda; App groups 2 to 4; Limited; App group 1; Elastic Beanstalk, bucket with objects]
[Diagram labels, in order: Amazon RDS, Amazon SNS, Amazon SQS, Amazon SES, IAM, Elastic Beanstalk, AWS CloudTrail, AWS Config, DynamoDB, bucket with objects; App group 1; Amazon Lambda; App groups 2 to 4; Indirect; AWS CloudFormation]
Execution Model
Conditions
• cloudformation:TemplateURL
• cloudformation:ResourceTypes
• cloudformation:StackPolicyURL