- Title: Trust No One, Automate Everything: EKS, IAM, and IRSA Made Easy
- Language: English
- Level: 300
- Topic: Containers
- Description:
Navigating the complexities of IAM roles and permissions in a container-based environment can be overwhelming. This talk will start by delving into the integration of AWS EKS and AWS Controllers for Kubernetes (ACK) with IAM Roles for Service Accounts (IRSA), providing a foundation for secure and automated access management.
But they are only part of the equation. As we look deeper into migrating components like MongoDB and NATS to AWS-native services such as DynamoDB and SQS, precise and evolving IAM policy management becomes a challenge for developers. To address this, we will introduce Intent-Based Access Control (IBAC), an approach that uses open-source controllers to automatically translate developer intents into effective IAM roles and policies, including trust relationships. This automation not only reduces the manual effort required but also ensures that permissions are tightly controlled, continuously aligning with zero-trust security principles.
Join Nic in this talk, where he will showcase the evolution of a microservices application, the 'dad jokes' app, from EKS as a dataplane to EKS as a proxy to cloud native services. He will demonstrate how to combine ACK with IBAC to ensure both developers and security teams can rest easy!
Nic is an experienced hands-on technologist, evangelist and product owner who has been working in the fields of Cloud-Native technologies, Open Source Software, Virtualization and Datacenter networking for the past 18 years.
Passionate about enabling users and building cool tech solving real-life problems, you'll often see him speaking at global tech conferences and online events, spreading the word and walking the walk with customers and users.