Recommended
Recommended
More Related Content
Similar to Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault
Similar to Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault (20)
Recently uploaded
Recently uploaded (10)
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault
- 1. Communit y AWS Community How To Get Rid of Hard-coded Credential and Reduce Data Leakage Risks with aws-vault Vladimir Cageyv Samoylov
- 2. AWS Community Key Takeaway Understand how to minimize frictions on application development by using 3rd party tool, aws-vault, in your local development environment. Static IAM Access Keys should not be used in modern applications or/and on developers machines.
- 3. AWS Community A common simple workflow Dev Stage Prod
- 4. But, what happens before dev environment?
- 5. AWS Community Local environment Dev Stage Prod Local
- 6. AWS Community Local development and fixing bugs
- 7. But what if code depends on AWS Services?
- 8. AWS Community Let’s ask search engine, GPT or Stack Overflow And the most popular answers will suggest you to go and create IAM User and STATIC Access Key :(
- 10. AWS Community Static credentials stored locally
- 11. AWS Community Temporary credentials stored locally
- 12. “Only amateurs attack machines; professionals target people.” Bruce Schneier, American cryptographer, writer and computer security specialist
- 13. aws-vault - A vault for securely storing and accessing AWS credentials in development environments
- 14. AWS Community How it works and how aws-vault store creds AWS Vault stores IAM credentials in your operating system's secure keystore and then generates temporary credentials from those to expose to your shell and applications. It's designed to be complementary to the AWS CLI tools, and is aware of your profiles and configuration in ~/.aws/config. MacOS KeyChain Ubuntu Gnome Keyring Windows Credential Manager
- 15. AWS Community AWS Security Token Service (AWS STS) AWS provides AWS Security Token Service (AWS STS) as a web service that enables you to request temporary, limited-privilege credentials for users Source: https://blog.knoldus.com/deep-dive-aws-temporary-security-credentials-assumerole-and-iam-role/
- 16. AWS Community Top use cases with aws-vault in daily life - No more temporary keys inside ~/.aws/sso/cache - Login to AWS Console - Local runs with an without containers - Emulate ECS/EC2 - Unit tests with AWS Services and Localstack emulation - More use cases: https://github.com/99designs/aws-vault/blob/master/USAGE.md - aws-vault-examples: https://github.com/cageyv/aws-vault-examples
- 17. Thank you Contacts: ● https://t.me/cageyv ● https://cageyv.dev/ ● https://github.com/cageyv/ ● https://www.linkedin.com/in/vladimirsamoylov / Useful links: ● https://github.com/99designs/aws-vault ● https://github.com/cageyv/aws-vault-examples ● https://docs.aws.amazon.com/cli/latest/usergui de/getting-started-install.html ● https://docs.aws.amazon.com/STS/latest/APIRe ference/welcome.html