
AWS IAM centralizes policy management

Amazon Web Services IAM now supports managed policies, which allows IT teams to cut back on manual processes.

Amazon Web Services users who deploy the cloud-based Identity and Access Management service will be able to apply centralized policies, freeing enterprise IT pros from scripting work.

Amazon Web Services (AWS) Identity and Access Management (IAM) previously required manual labor or scripting to attach policies to multiple users, as policies were directly attached to each user they governed.

As of last week, policies have been made "first-class citizens" in IAM, according to the AWS blog, meaning they can be named; assigned to multiple users, groups and roles; and versioned for streamlined management. The permissions needed to attach and detach managed policies can be delegated within an organization; AWS also launched a set of predefined policies for common use cases, such as read-only access to databases.
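Delegating the right to attach managed policies is where least privilege matters most: a delegate allowed to attach any policy can grant full administrator rights. As an added example that is not code from the article or from AWS, the following Python builds a delegation policy scoped to an allow-listed policy ARN and checks a policy document for delegation statements that lack that scoping; the account id and policy name are constructed placeholders.

```python
from fnmatch import fnmatch

# Added example, not from the article or AWS: a delegation policy that lets a
# team lead attach/detach only an allow-listed managed policy, plus a check
# that flags delegation statements not scoped that way. The account id and
# policy name are constructed placeholders.
ACCOUNT_ID = "123456789012"
ALLOWED_POLICY_ARNS = [f"arn:aws:iam::{ACCOUNT_ID}:policy/DbReadOnly"]

# Actions that hand permissions to other principals. Allowed on "*" with no
# condition, a delegate could attach AdministratorAccess to any user.
ATTACH_ACTIONS = {"iam:AttachUserPolicy", "iam:AttachGroupPolicy",
                  "iam:AttachRolePolicy", "iam:PutUserPolicy",
                  "iam:PutGroupPolicy", "iam:PutRolePolicy"}


def delegation_policy(allowed_policy_arns):
    """Allow attaching/detaching only the listed managed policies, via the
    iam:PolicyARN condition key AWS evaluates for Attach*/Detach* actions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["iam:AttachUserPolicy", "iam:DetachUserPolicy",
                       "iam:AttachGroupPolicy", "iam:DetachGroupPolicy"],
            "Resource": "*",
            "Condition": {"ArnEquals": {"iam:PolicyARN": allowed_policy_arns}},
        }],
    }


def unscoped_attach_statements(policy_doc):
    """Return, per offending Allow statement, the permission-granting actions
    it allows without an iam:PolicyARN condition. Inline-policy Put* actions
    cannot be scoped this way, so they are always reported."""
    stmts = policy_doc.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    findings = []
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        # Policy actions may be wildcards such as "iam:*" or "iam:Attach*".
        risky = [a for a in actions
                 if any(fnmatch(x.lower(), a.lower()) for x in ATTACH_ACTIONS)]
        cond = stmt.get("Condition", {})
        scoped = any(k.lower() == "iam:policyarn"
                     for v in cond.values() if isinstance(v, dict) for k in v)
        if risky and not scoped:
            findings.append(risky)
    return findings
```

Run the check over the delegation policies you hand out; an empty result means every permission-granting statement names which managed policies it may attach.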

"What we used to have to do programmatically has turned into a nice, easy-to-use service," said Peter Zimmerman, vice president of services and operations for Sonian, Inc., a cloud email archiving service provider based in Dedham, Mass. "We built our internal system that has to map to IAM -- it looks like this can remove our need to depend on some of the homegrown stuff we've been using."

For large AWS shops, managing policies for security is a major nightmare if they can't do it in one place, said Edward Haletky, CEO of The Virtualization Practice LLC, based in Austin, Texas.

While the intent of this move is to improve IAM for managing AWS resources specifically, over time, Haletky sees Amazon's Directory Service and AWS IAM potentially becoming a centralized identity store and policy manager that spans multiple clouds, a position for which it would have to compete with Microsoft's Azure Active Directory, which offers Active Directory Federation Services for identity federation across clouds.

Multicloud deployments require a unified identities pool, Haletky said. Some companies already use Salesforce.com or Google as this identity source, and there are third-party software makers such as JumpCloud, Inc., that provide centralized identity management and directory services. 

Still, "If Amazon could become your corporate identity store, that would be a big deal," Haletky said. "Given all the security management they're putting in place now … they could very well be the future corporate identity store, crossing cloud boundaries."

AWS Directory Service became available in October. AWS customers can use AWS Directory Service to connect to on-premises Active Directory using the AD Connector feature or create a new, managed directory hosted in the AWS Cloud -- known as Simple AD. Customers can then use those accounts to manage AWS resources via AWS IAM role-based access to the AWS Management Console.  

AWS Identity and Access Management is available through AWS accounts at no additional charge. With the AWS Directory Service, prices for the AD Connector range from $0.05 per hour for a small deployment (up to 10,000 objects) to $0.15 for a large deployment (up to 100,000 objects). Prices for Simple AD are $0.05 per hour for a small deployment (up to 2,000 objects) and $0.15 for a large deployment (up to 20,000 objects).

Beth Pariseau is senior news writer for SearchAWS. Write to her at bpariseau@techtarget.com or follow @PariseauTT on Twitter.  

Will you use AWS IAM?
Using AWS Identity and Access Management enables securing controlled access to AWS services and the resources that come with them. Access Management helps create and manage AWS users or groups that develop permissions to protect AWS resources. These permissions can be used to control operations done by entities, AWS services or individuals responsible for that duty. It has the identity federation feature that allows existing in the enterprise to easily access the AWS Management Console.
Yeah, this will save a lot of work. But calling policies "first class citizens" is a little creepy for me. Does anybody remember George Orwell?