AWS Security Project: STS 🔑
The most important cloud security concept...
Last Issue: Cyber Notes is Changing…
Next Issue: 5 x Common Entry Level Cyber Security Interview Questions
This Issue: AWS Project: Security Token Service 🔑
Housekeeping:
Hopefully you’ll enjoy this week’s project, I feel it’s a really fundamental Cloud skill to know about from a security point of view. Let me know if you get stuck.
I wanted to drop a quick note to say Cyber Notes now has its own domain…cybernotes.tech 🎉
AWS STS
What is it and why is it so important? Okay, basically at a high level, AWS STS lets you request temporary credentials so a service in one account can safely take action in another account.
Cross-account access gets messy fast if you don’t structure it properly, so here’s the secure version of how it should work and what we are going to build today.
Account A
Runs something like:
Lambda
ECS task
It has a single IAM policy that says: I am allowed to call sts:AssumeRole on a role in Account B.
Account B
Contains the actual IAM role. This role has two things:
A trust policy that says: I trust Account A to assume me.
A permission policy that says: Here’s what I can do in Account B (example: write to S3, deploy to ECS, read Secrets Manager, etc.).
Done.
Account B exposes a role.
Account A gets permission to assume it.
This is cool because it means no permanent credentials and no giant list of access keys floating around.
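To make the three pieces above concrete, here is an added example (not code from the Cyber Notes post or its project) that writes out the caller policy for Account A, the trust policy and permission policy for the role in Account B, and runs a small consistency check across them. The account IDs, the role name CrossAccountDeployRole and the bucket name are placeholders; the assume_role function shows the live STS call via boto3 but is kept separate so the rest of the file runs offline.

```python
"""Constructed example: the three IAM documents behind a cross-account
sts:AssumeRole setup, plus a check that they actually agree with each other.
Account IDs, role name and bucket name are placeholders, not real values."""
import json

ACCOUNT_A = "111111111111"   # placeholder: the caller (Lambda / ECS task lives here)
ACCOUNT_B = "222222222222"   # placeholder: the account that owns the role
ROLE_NAME = "CrossAccountDeployRole"  # hypothetical role name in Account B
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_B}:role/{ROLE_NAME}"

# Account A: the only permission the workload needs is to assume that one role.
CALLER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": ROLE_ARN,
    }],
}

# Account B, part 1: the role's trust policy ("I trust Account A to assume me").
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_A}:root"},
        "Action": "sts:AssumeRole",
    }],
}

# Account B, part 2: what the role may do once assumed, scoped to one bucket.
PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject"],
        "Resource": "arn:aws:s3:::example-deploy-bucket/*",  # placeholder bucket
    }],
}


def _statements(policy):
    stmts = policy["Statement"]
    return stmts if isinstance(stmts, list) else [stmts]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def caller_can_assume(caller_policy, role_arn):
    """True if Account A's policy allows sts:AssumeRole on exactly this role ARN."""
    for s in _statements(caller_policy):
        if (s.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(s.get("Action", []))
                and role_arn in _as_list(s.get("Resource", []))):
            return True
    return False


def trust_allows_account(trust_policy, account_id):
    """True if the role's trust policy names account_id as an allowed AWS principal."""
    wanted = {f"arn:aws:iam::{account_id}:root", account_id}
    for s in _statements(trust_policy):
        principal = s.get("Principal", {})
        if not isinstance(principal, dict):   # a bare "*" principal is never what we want here
            continue
        if (s.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(s.get("Action", []))
                and wanted & set(_as_list(principal.get("AWS", [])))):
            return True
    return False


def permission_policy_is_scoped(permission_policy):
    """Heuristic: flag full wildcards so the assumed role does one job, not everything."""
    for s in _statements(permission_policy):
        if "*" in _as_list(s.get("Action", [])) or "*" in _as_list(s.get("Resource", [])):
            return False
    return True


def check_chain(caller_policy, trust_policy, permission_policy, caller_account, role_arn):
    """Both halves must agree: A may call AssumeRole on the role AND B's role trusts A."""
    return {
        "caller_can_assume": caller_can_assume(caller_policy, role_arn),
        "trust_allows_caller": trust_allows_account(trust_policy, caller_account),
        "permissions_scoped": permission_policy_is_scoped(permission_policy),
    }


def assume_role(role_arn, session_name="cross-account-demo"):
    """Live STS call (needs boto3 and Account A credentials); returns temporary keys.
    boto3 is imported lazily so everything above runs without it."""
    import boto3
    resp = boto3.client("sts").assume_role(RoleArn=role_arn, RoleSessionName=session_name)
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration


if __name__ == "__main__":
    result = check_chain(CALLER_POLICY, TRUST_POLICY, PERMISSION_POLICY, ACCOUNT_A, ROLE_ARN)
    print(json.dumps(result, indent=2))
```

The point of check_chain is that cross-account access only works when both sides line up: if Account A's policy names the wrong role ARN, or the trust policy in Account B names a different account, AssumeRole is denied. The credentials returned by assume_role expire on their own, which is why nothing long-lived has to be shared between the accounts.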
Project Time
Okay, now you understand what’s going on here. Let’s build it out in action!
As usual, I reserve the Projects for community members… come join the fun!