AWS re:Invent 2018: How Vanguard Matured IAM Controls to Support Micro Accounts (SEC324)

Published on Nov 29, 2018

In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege. Complete Title: AWS re:Invent 2018: IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accounts (SEC324)