
Blog

Deploy IAM Roles across an AWS Organization as code

In environments with multiple AWS accounts, managing roles can be a challenge. AWS IAM offers us a robust solution for managing roles within each account, but when it comes to consistently implementing roles across all accounts in an organization, the task can become complex.

In this post, we will see how to automatically deploy IAM roles across all accounts in an AWS organization as code, using CloudFormation, Organizations, and Terraform.

[Figure: architecture diagram]

IAM policy mishaps: Case 1 - S3

Continuing the series of posts on IAM misconfigurations, this one looks at how IAM is used with the AWS S3 service.

To do this, we will look at the different ways we can control the security of the service and how dangerous it is to apply a policy without clearly understanding what it does.

Info

If you want to try the examples presented here directly, take a look at our repo.

We have prepared the different scenarios in Terraform.

IAM policy mishaps: Intro to IAM

This post is based on the introduction of the talk IAM policy mishaps: A cautionary tale of cloud misconfigurations that we presented on Saturday, January 27th, at Sh3llCON (Reinosa). It is going to be the first in a series about IAM misconfigurations (yes, unfortunately, it's a topic that provides enough material for a series).