Add IAM to secure systems #956
Conversation
Vercel Previews Deployed
|
Broken Link CheckerNo broken links found! 🎉 |
...framework/docs/docs/secure-systems/identity-access-management/define-access-requirements.mdx
Outdated
Show resolved
Hide resolved
| - Current best operational practices that define security controls (SOC 2, NIST, | ||
| ISO 127001). | ||
|
|
||
| Start with identifying the regulations and standards that apply to your |
There was a problem hiding this comment.
This goes past 'what are access reqs' and starts having users do something. I would keep them separate. You could also combine the 'what is' part with the intro.
...framework/docs/docs/secure-systems/identity-access-management/define-access-requirements.mdx
Show resolved
Hide resolved
...framework/docs/docs/secure-systems/identity-access-management/define-access-requirements.mdx
Show resolved
Hide resolved
| seem overwhelming. There are steps you can take to simplify identifying which | ||
| requirements you need, and collect the necessary documentation to implement the | ||
| access requirements. | ||
|
|
There was a problem hiding this comment.
Since it looks like you want users to follow these documents in a specific order, you may want to list all of the steps/docs here? I can't remember if we do this in other WAF docs, or how we do it. We might add it to the bottom.
Because looking at create permissions, it looks like this is a collection.
|
|
||
| Now that you have defined your access requirements, you can begin writing | ||
| policies that enforce permissions guardrails by using least privilege policies. | ||
|
|
There was a problem hiding this comment.
Add something about what least privilege is. Add a resource to our best docs on least priv. Least priv is still a new concept.
...mework/docs/docs/secure-systems/identity-access-management/create-permissions-guardrails.mdx
Outdated
Show resolved
Hide resolved
| access requirements](/well-architected-framework/secure-systems/identity-access-management/define-access-requirements), | ||
| you can use that information to write identity and access management (IAM) policies. | ||
|
|
||
| ## What is least privilege |
There was a problem hiding this comment.
I think you can combine this with the intro.
| have access to the specific resources they need. If a user’s credentials become | ||
| compromised using least privilege policies, the attacker can access just the | ||
| limited set of resources defined in the policy, reducing the potential damage. | ||
|
|
There was a problem hiding this comment.
I think a diagram could be cool here showing the value of least priv
| - Logging enabled and monitored for access to production. | ||
| - Centralized authentication and authorization for all services. | ||
|
|
||
| HashiCorp tools and services like [Vault](/vault/tutorials/get-started) and |
There was a problem hiding this comment.
I think you can give stronger examples of how our tools can help with least priv (I know this is a start to these docs, so you'll be adding more later).
| requirements](/well-architected-framework/secure-systems/identity-access-management/define-access-requirements) | ||
| into policies for your systems. | ||
|
|
||
| ## What are permissions |
There was a problem hiding this comment.
Might combine this with intro
| Identity and Access Management (IAM) supports JSON-based policies. Other systems | ||
| like Active Directory may require scripting the policies in other languages like | ||
| PowerShell. | ||
|
|
There was a problem hiding this comment.
I would add a code example to show users how a simple permission as code would look.
...framework/docs/docs/secure-systems/identity-access-management/define-access-requirements.mdx
Outdated
Show resolved
Hide resolved
…entity-access-management/define-access-requirements.mdx Co-authored-by: CJ <[email protected]>
…entity-access-management/define-access-requirements.mdx Co-authored-by: CJ <[email protected]>
🎫 Jira task
🔍 Preview + other pages under iam.