AWS developer credentials sent directly to an AWS secret | by Teri Radichel | Cloud Security | January 2024


ACM.444 Create credentials without ever exposing them to users or in code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ ~~~~~~

⚙️ Part of my series on Automation of cybersecurity measures. THE Coded.

🔒 Related Stories: AWS Security | Application security | Batch jobs

💻 Free content on Cybersecurity Jobs | ✉️ Register for Broadcast list

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ ~~~~~~

In the last article I explained how I could revise my code to create an AWS deployment container.

I had a few existing templates for deploying resources in my stack that I started deploying here, but I’m going to need to change something in the way I deploy the AWS credentials used by tasks.

I will automatically deploy a user’s credentials for use in the job execution environment.

I wrote about creating secrets without exposing them to users in a previous article a long, long time ago… well, I use it with my batch job execution framework. I started a long time ago, but I didn’t know exactly how it would turn out. out.

I will exploit but rework this code a little to work in the context of our framework.

I will deploy the user in IAM account And credentials in IAM account for the environment in which the credentials can operate. So for the environment I’m setting up, I’m going to create the dev-admin user in the dev-IAM account. I need to restrict these credentials…

Leave a comment