Navigating the complexities of IAM roles and permissions in a container-based environment can be overwhelming. This talk will start by delving into the integration of AWS EKS and AWS Controllers for Kubernetes (ACK) with IAM Roles for Service Accounts (IRSA), providing a foundation for secure and automated access management.

But they are only part of the equation. As we look deeper into migrating components like MongoDB and NATS to AWS-native services such as DynamoDB and SQS, the challenge of precise and evolving IAM policy management becomes difficult for developers. To address this, we will introduce Intent-Based Access Control (IBAC), an approach that uses open-source controllers to automatically translate developer intents into effective IAM roles and policies, including trust relationships. This automation not only reduces the manual effort required but also ensures that permissions are tightly controlled, continuously aligning with zero-trust security principles.

Join Nic in this talk, where he will showcase the evolution of a microservices application, the 'dad jokes' app, from EKS as a dataplane to EKS as a proxy to cloud native services. He will demonstrate how to combine ACK with IBAC to ensure both developers and security teams can rest easy!