Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault
1. AWS Community
How To Get Rid of Hard-coded Credential
and Reduce Data Leakage Risks with
aws-vault
Vladimir Cageyv Samoylov
2. Key Takeaway
Understand how to minimize friction in application
development by using a third-party tool, aws-vault, in your local development environment.
Static IAM access keys should not be used in modern applications or on developers' machines.
8. Let’s ask a search engine, GPT or Stack Overflow
The most popular answers will suggest that you go and create an IAM user and a STATIC access key :(
12. “Only amateurs attack machines;
professionals target people.”
Bruce Schneier,
American cryptographer, writer and computer security specialist
13. aws-vault - A vault for securely storing
and accessing AWS credentials in
development environments
14. How it works and how aws-vault stores creds
AWS Vault stores IAM credentials in your operating system's secure keystore and then generates
temporary credentials from those to expose to your shell and applications. It's designed to be
complementary to the AWS CLI tools, and is aware of your profiles and configuration in
~/.aws/config.
- macOS: Keychain
- Ubuntu: Gnome Keyring
- Windows: Credential Manager
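A check that complements the keystore approach above, as an added example that is not from the slides or the aws-vault project: it scans an AWS shared credentials file for access keys left in plaintext and classifies them by key ID prefix (AKIA for long-term IAM user keys, ASIA for temporary STS keys). The function names, profile names and sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): find plaintext access keys left in an
# AWS shared credentials file. Key IDs starting with AKIA are long-term IAM
# user keys; IDs starting with ASIA are temporary STS keys.

# scan_aws_credentials FILE
# Prints "<profile> <kind> <masked key id>" per access key found.
# Returns 1 if any long-term (AKIA) key is present, 0 if none, 2 on read error.
scan_aws_credentials() {
  local file="$1"
  [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
  awk '
    { sub(/\r$/, "") }                                # tolerate CRLF files
    /^[ \t]*[#;]/ { next }                            # comment line
    /^[ \t]*\[.*\][ \t]*$/ {                          # [profile] header
      gsub(/^[ \t]*\[|\][ \t]*$/, ""); profile = $0; next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
      if (key != "aws_access_key_id") next
      kind = "unknown"
      if (val ~ /^AKIA/) { kind = "static"; found = 1 }
      else if (val ~ /^ASIA/) { kind = "temporary" }
      # Mask the ID so the report can be pasted into a ticket.
      printf "%s %s %s****%s\n", profile, kind, substr(val, 1, 4), substr(val, length(val) - 3)
    }
    END { exit (found ? 1 : 0) }
  ' "$file"
}

# Constructed sample file; the key IDs are placeholders, not real credentials.
write_sample_credentials() {
  cat > "$1" <<'EOF'
[legacy-dev]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = EXAMPLE-NOT-A-REAL-SECRET

[temp-session]
aws_access_key_id=ASIAIOSFODNN7EXAMPLE
aws_session_token = EXAMPLE-TOKEN
EOF
}

sample="$(mktemp)"
write_sample_credentials "$sample"
scan_aws_credentials "$sample" || echo "long-term keys found in plaintext"
rm -f "$sample"
```

Point it at `~/.aws/credentials` on a developer machine; a non-zero exit status makes it usable as a pre-commit or onboarding check.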
15. AWS Security Token Service (AWS STS)
AWS provides AWS Security Token Service (AWS STS) as a web service that enables you to request
temporary, limited-privilege credentials for users.
Source: https://blog.knoldus.com/deep-dive-aws-temporary-security-credentials-assumerole-and-iam-role/
16. Top use cases with aws-vault in daily life
- No more temporary keys inside ~/.aws/sso/cache
- Log in to the AWS Console
- Local runs with and without containers
- Emulate ECS/EC2
- Unit tests with AWS Services and Localstack emulation
- More use cases: https://github.com/99designs/aws-vault/blob/master/USAGE.md
- aws-vault-examples: https://github.com/cageyv/aws-vault-examples