AWS re:Invent 2018: [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) 

One of the best tutorial videos on IAM policies I've come across ! If Brigid creates an AWS course lessons, I'd blindly sign up for it !

I've gone through multiple videos on paid courses and RU-vid, this is the only one I've found which actually tries to teach the content of IAM instead of just regurgitating facts. Great job.

One of the best sessions, the presenter is fun and knowledgeable, keep them coming, thank you.

I am so thankful to Brigid for her explanation of the IAM in a nutshell. It explains and clears the concepts of all key features of AWS IAM succinctly.

One of the best IAM tutorials, Brigid made it fun and easy to comprehend.

Lady, you are the best in explanation IAM policies!!! Why I haven't seen this video earlier....

One of the best IAM Tutorials I have ever seen, going to use the solutions in my project.

This is one of the excellent presentation which helped me understand IAM permission boundary, resource policies.

Using the role's project-tag as prefix for resource name, to enforce ABAC for resources that doesn't support tag-based access control. That's brilliant!!

Bridget is very good at explaining this complicated subject. Thanks!

One of the best presentation on IAM, I must say

Great IAM policy explanation! One of the best session I have came across recently.

One of the best presentation on IAM, I must say, Thank You Brigid

Amazing Tutorial. Really cleared things up for me!

5 min in and I already know I'll be getting a lot out of this

4:05 I found the acronym easier to remember if spelled backwards

I love this session. Clear explanations in a relax way! Thank you!

This is a gem.

The value of this content is immense. A similar book I read ushered in a new chapter in my life. "AWS Unleashed: Mastering Amazon Web Services for Software Engineers" by Harrison Quill

This is an excellent intro to AWS permissions. Brigid packs a lot of useful information into a 1 hour video.

Still my favorite video

How cool was that !! Awesome

Great preso! Great presenter

Great Presentation. Would you post your slide in a gist so that we can make use of them? Thanks. J.N

Great Talk!

Feedback: would be nice to link the resources at the end of the slide in the description.

Best. Tutorial. Ever!

This is the greatest of all time tutorial

Anywhere to get those policies? Great preso.

Awesome! Great job, great info! This should be required day zero material for AWS users. Why am I just now encountering this while studying for my first certificate exam for AWS? I've been working with AWS for like over two years now.

Great presentation, I was in this room at the re:Invent.

Super clear !

Amazing Tutorial

Brigid, At 47:30 it appears you were allowed to change 'project' = 'sneaky' to 'project' = 'dorky' to bypass restrictions on 'sneaky' project? Did I see that wrong? And at 53:20 it appears to be trivial for Casey to change his principal tag to gain access to whichever project he wants. Is there in fact something that would block a principal from changing their tag? Great deep dive - this gave me a lot more confidence with policies and conditions. Thank you.

Great Presentation. Why is it that AWS CloudFront does not support action-level permissions for creating CloudFront key pairs and that one must use an AWS account root user to create a CloudFront key pair?

Video Summary: This video is a tutorial on becoming an IAM Policy Master in AWS in 60 minutes or less. The speaker covers the basics of IAM policy language and then dives into different policy types and use cases. The video also includes live demonstrations of creating and modifying policies. - 00:00 This section is an introduction to the speaker and an overview of what will be covered in the video. - 06:56 IAM policies in AWS are based on matching the context of a request to an allows statement in a defined policy. - 13:54 IAM Policy Master Challenge: Cross-Account Access - 20:49 Use deny statements in Service Control Policies to restrict access and reduce blast radius. - 27:44 The speaker demonstrates how to store and retrieve secrets using Secrets Manager in different regions, and also shows how to restrict user privileges to prevent privilege escalation. - 34:45 The speaker demonstrates how to create a role in IAM with specific permissions for lambda functions. - 41:41 This section explains the IAM policy for creating tags and modifying tags on AWS instances. - 48:31 IAM users and roles can now be tagged, allowing for more granular access control

Great presentation. Anyone know if these slides are available?

this talk is very helpful

Great info. Constructive feedback would be that swapping between chrome instances during the demo is not very clear or easy to follow. Also the choice of the default theme notepad ++ for the code/text editor is not great for demo purposes. Vscode, or some other dedicated code editor if you couldn't use Microsoft dev tools in an AWS presentation, would have been a better choice.

merci; this is awesome!

Question, can we control naming convention with IAM policy for creating a resource like "Security group"

miles better than my paid udemy courses

excellent.

why at 20:38, creation control of resources to specific region with iam policies? im doing it in production with org SCPs and its very easy to manage

Not to ding Brigid. She did a good job. But the only thing going through my mind as I watch this is "This is batshit crazy". Figuring out how and why access was denied shouldn't need an n dimensional truth table. I get that this has grown organically but what we have now is a monster of Frankenstein proportions. I realize that Google has the advantage of starting out later and not making the same mistakes. And that their offering is significantly less complex than AWS. But GCP IAM is a lot simpler and easier to understand. They have also done a much better job with BigTable than DynamoDB. It's crazy that implementation details dictate how I choose partition keys. And many cross region replication are a lot more transparent. At this point, Amazon needs to figure out how to simplify some of this stuff. IAM in particular. Otherwise, AWS is going to collapse under its own weight.

SCP polices used only for deny then how come at 13:47 she mentioned allow in SCP. Can someone please explain me?

is the slide available the you tube video hard to read

Please how do I access the command line?

Now I am completely lost 😢

I'm guessing "is awesome" didn't show up as a name at 47:50 because tags are case sensitive? Just thought I'd point this out in case in anyone else was confused like I was. docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html

dont know how many people she help pass the aws orgs portion of csap pro haha

low key trying to start a gang war

I don't get why she's using a whitelist SCP in her examples when almost nobody uses SCPs that way. They use blacklist SCPs

😵‍💫😵‍💫😵‍💫

I don't get the bashing to this girl. Either take it or leave it, but she was presenting a somewhat difficult topic to grasp for most, in a funny way. Nevermind they are posting this for free, in an easy to consume form. And I'm sure we're just seeing the tip of the iceberg on what the girl can do. Brigid is Ninja.

Where is the real-world enterprise-level project you did? she is reading white papers for one hour.

Does anybody know the difference between permission boundaries and SCPs - they both sound exactly the same!?

audience is so awkward lol

She's sweet

AWẞçlearDB/00829-⁸7845

The content was good. The presenter is not grate. She should have actually taken the case one by one

Very bad way of teaching. Don't say you are teaching, you are just checking some folks who know already that's it.

Tech Industry: "Diversification is important and a priority for us!!" Also tech industry: 22:21 😒🗑🚮

Good presentatio. Sadly, IAM is an awful product. Your average IT admin can manage this complexity.

Great tutorial. She is not that funny though.

Good info, but she really needs to stop talking to a room full of adults like they're in kindergarten.

000002 *REH02241996 the RE I love your demonstration sounds like u should be in Boston massachusetts with RE.inforce

AWẞçlearDB/00829-⁸7845