Data
Reader small image

You're reading from  Implementing Identity Management on AWS

Product typeBook
Published inOct 2021
PublisherPackt
ISBN-139781800562288
Edition1st Edition
Tools
AWS
Concepts
Identity Management
Right arrow
Author (1)
Jon Lehtinen
Jon Lehtinen
author image
Jon Lehtinen

Jon Lehtinen has 16 years of enterprise identity and access management experience and specializes in both the strategy and execution of IAM transformation in global-scale organizations such as Thomson Reuters, General Electric, and Apollo Education Group. In addition to his work in the enterprise space, he has held positions on Ping Identity's Customer Advisory Board and as an advisor to identity verification start-up EvidentID. He currently owns the workforce and customer identity implementations at Okta. Jon is dedicated to the growth and maturity of IAM as a profession and serves on the Board of Directors for IDPro org. He is also a member of the Kantara Initiative, ISC2, OpenID Foundation, and Women in Identity. Jon has presented his work at several conferences, including RSA, Identiverse, and KuppingerCole's European Identity and Cloud Conference. Currently, he owns Okta's workforce and customer IAM implementations as their Director of Okta on Okta.
Read more about Jon Lehtinen

Right arrow

Chapter 8: An Ounce of Prevention – Planning Your Administrative Model

In a fast-paced enterprise setting, many practitioners find themselves building piecemeal solutions to complex business challenges in reaction to the changing demands and urgent deadlines imposed upon them by the business. As both Identity and Access Management (IAM) and the cloud are high-value, business-enabling technologies, it can be challenging to take the time before implementation to contemplate what a sustainable implementation pattern looks like for the business. Although engaging in this planning exercise may frustrate some stakeholders, organizations that fail to plan out their cloud administrative models often find themselves limited by their own short-term technical solutions. Solving use cases such as these should be a holistic, multi-step design and analysis process.

In this chapter, we will evaluate how we would like to apply an administrative model to the Redbeard Identity organization...

Technical requirements

To get the most out of this chapter, you will need an AWS account.

Evaluating the organization's current IAM capabilities

Our objective over the next few chapters is to look for ways to link an organization's existing identity management infrastructure and the organization itself to AWS. More specifically, we want every administrator to have access to the backplane of the AWS account or accounts where appropriate, and for these existing user identities to become available to applications hosted on AWS. This means we will need to connect an existing org's IAM infrastructure to AWS and apply the appropriate provisioning, governance, and authorization models to ensure that appropriate access is granted. As we just completed a review of the AWS identity services, next we must look at our organization's IAM capabilities.

First, we must take an inventory of the current identity management landscape, capabilities, and maturity for the organization as that will help inform our administrative model. In order to make these examples comparable...

Evaluating the business structure and account schema

As part of this exercise and others in the following chapters, we will be creating several user accounts inside a directory that we can use with various AWS services. Let's take a look at a sample account and its available attributes:

Table 8.1 – One user record from the organization

We've built this organization to include several users with diverse attribute values in order to set up several example scenarios that we are likely to see in an enterprise use case. To help us stay focused on how we are solving identity challenges on AWS rather than concerning ourselves with needing to remember names, each employee record is named for their job title. Furthermore, each account will track to a specific AWS use case or environment. We will dive into the details of the AWS organizational design in the next section. For now, let's look at all the accounts inside of our directory and a few key...

Designing the AWS organizational structure

Now that we have ascertained our organization's IAM capabilities, its business requirements for AWS integration, and the account schema, we can begin to lay the groundwork for how we will manage our organization's AWS accounts. While small organizations may be able to address their cloud workloads within a single account, enterprise-grade organizations often need to have additional regulatory and compliance requirements that demand additional segmentation between business units, job functions, and workloads. A well-planned multi-account structure will provide these benefits without increasing the administrative overhead.

Mapping business functions to OUs

We will do this through an AWS organization, OUs, and organizational SCPs. Before we begin the work of configuring all these things in the Management Console, it will be helpful to first come up with and document our plan for the organizational hierarchy. First is our management...

Summary

In this chapter, we took a few moments to plan out our administrative model for an enterprise AWS deployment. We did this so we could accommodate the business requirements with a full understanding of the organization's IAM maturity and current-state capabilities, which will help us design administrative patterns that will be supportive in the long term. Once we had thought through the use cases, requirements, and capabilities, we designed and applied some high-level OU SCPs that will govern all the AWS accounts that we will be administrating moving forward.

We will build upon this foundational work in the next two chapters. First, in the next chapter, we will connect Redbeard Identity's external IDP and provision our administrative users into AWS SSO. Then, in Chapter 11, Bringing Your Users into AWS, we will address authentication and authorization use cases for those users into the AWS backplane.

Questions

  1. Which of these did we not consider when designing our administrative model?

    a. The number of employees in the organization

    b. Current-state IAM capability

    c. Business objectives

    d. Business function alignment

  2. Why did our Suspended OU have the FullAWSAccess SCP when we did not attach it to that OU?
lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 11 of 17
Next Chapter
You have been reading a chapter from
Implementing Identity Management on AWS
Published in: Oct 2021Publisher: PacktISBN-13: 9781800562288
© 2021 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Jon Lehtinen

Jon Lehtinen has 16 years of enterprise identity and access management experience and specializes in both the strategy and execution of IAM transformation in global-scale organizations such as Thomson Reuters, General Electric, and Apollo Education Group. In addition to his work in the enterprise space, he has held positions on Ping Identity's Customer Advisory Board and as an advisor to identity verification start-up EvidentID. He currently owns the workforce and customer identity implementations at Okta. Jon is dedicated to the growth and maturity of IAM as a profession and serves on the Board of Directors for IDPro org. He is also a member of the Kantara Initiative, ISC2, OpenID Foundation, and Women in Identity. Jon has presented his work at several conferences, including RSA, Identiverse, and KuppingerCole's European Identity and Cloud Conference. Currently, he owns Okta's workforce and customer IAM implementations as their Director of Okta on Okta.
Read more about Jon Lehtinen

Other recommended products

Related to this chapter

AWS Security Cookbook

AWS Security Cookbook

AWS Security Cookbook lists all the practical solutions to the common problems faced by individuals or organizations in securing their instances. Here readers will learn to troubleshoot security concerns and understand additional patterns and services for securing AWS infrastructure.

BookFeb 2020440 pages
Amazon Web Services Bootcamp

Amazon Web Services Bootcamp

AWS Bootcamp is designed to teach you how to build and manage AWS resources using different ways. This highly practical guide leverages the reliability, versatility, and flexible design of the AWS Cloud. It enables you to perform tasks such as hosting multi-tier websites, running large-scale applications, data storage and archival, and a lot more with ease.

BookMar 2018338 pages
AWS for System Administrators

AWS for System Administrators

AWS for System Administrators covers a variety of tools, techniques, tips, and tricks for building highly available and fault-tolerant infrastructure. You’ll get to grips with AWS fundamentals and concepts with the help of step-by-step explanations and practical code examples.

BookFeb 2021388 pages
Serverless Programming Cookbook

Serverless Programming Cookbook

The serverless architecture allows you to build and run applications and services without having to manage the infrastructure which saves cost and improves scalability. In this book, you will learn to harness serverless technology to reduce production time, minimize cost and have the freedom to customize your code, without hindering functionality.

BookJan 2019490 pages
Mastering AWS Security

Mastering AWS Security

Security is a key ingredient when it comes to workloads deployed in cloud. Security is highest priority for any organization and it is considered job zero at AWS. Our book will dig deep into the achieving end to end automated security for all workloads deployed, running and stored in AWS cloud.

BookOct 2017252 pages
Hands-On AWS Penetration Testing with Kali Linux

Hands-On AWS Penetration Testing with Kali Linux

The cloud is gaining more popularity than ever, and every organization is looking to shift its infrastructure to it. AWS particularly rules the roost with its market share. This book gets pentesters and sysadmins hands-on with pentesting AWS services using Kali Linux, covering detailed screenshots and custom scripts for automating the process.

BookApr 2019508 pages
AWS Certified Security – Specialty Exam Guide

AWS Certified Security – Specialty Exam Guide

Amazon has come up with Specialty certifications which validates a particular user's expertise that he/she would want to build a career in. This Guide will be a companion to getting skilled with complex and creative security solutions.

BookSep 2020558 pages
AWS Administration Cookbook

AWS Administration Cookbook

Organisations today are harnessing the power of AWS cloud products and solutions to scale and grow. Amazon web services provide a cloud computing infrastructure with storage, bandwidth, security and more over the internet. This book will begin with AWS fundamentals and will go further to help you build and administer your own cloud environment.

BookApr 2017394 pages
AWS SysOps Cookbook

AWS SysOps Cookbook

The AWS cloud provides on-demand computing resources that organizations of all types and sizes harness to create products and business solutions. This book will take you from the fundamentals to advanced features and services to help you administer your own AWS cloud environment.

BookSep 2019490 pages
Okta Administration: Up and Running

Okta Administration: Up and Running

Okta is one of the leading IAM platforms that consolidate identities for company tools. Okta Administration: Up and Running is a comprehensive introduction for those who are new to Okta’s products and will help you to understand and implement Okta’s features for enhanced security in your applications.

BookDec 2020268 pages
AWS Certified Developer - Associate Guide

AWS Certified Developer - Associate Guide

With rapid adaptation of the cloud platform, the need for cloud certification has also increased. This is your one stop solution and will help you transform yourself from zero to certified. This guide will help you gain technical expertise in the AWS platform and help you start working with various AWS Services.

BookJun 2019812 pages5
Expert AWS Development

Expert AWS Development

Continuous deployment and Agile methodology have enabled huge advances in modern applications. This book will enable the reader to make use of this rapidly evolving technology to build highly scalable applications within AWS using different architectures.

BookMar 2018408 pages

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Mastering Tableau 2023

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2
Data Engineering with AWS

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5
Modern Data Architecture on AWS

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5
Practical Guide to Applied Conformal Prediction in Python

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages
TinyML Cookbook

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages