Identity is the control plane. In cloud environments, most major incidents eventually become an IAM story: a trusted principal, an overbroad permission, a weak boundary, or a missing detection.
Notes To Develop
- aws-centralized-root-access
- Human access patterns: SSO, break-glass, MFA, and session duration
- Workload identity: roles, service accounts, managed identities, and federation
- Permission design: least privilege, privilege boundaries, and scoped automation
- Review cadence: detecting unused access and risky grants
Useful Checks
- Can this principal create or modify other principals?
- Can it pass roles, assume roles, or mint credentials?
- Can it disable logging, encryption, or network controls?
- Is the access temporary, attributable, and observable?
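One way to turn the first three checks into a mechanical review, as an added example that is not part of these notes: a small Python linter that flags Allow statements in an AWS IAM policy document whose actions answer "yes" to each question, including statements that get there through wildcards such as `iam:*`. The action names are real AWS IAM actions; the grouping under the three questions, the sample policy and the function names are my own assumptions.

```python
import fnmatch

# Actions that answer "yes" to the checks above. The action names are real
# AWS IAM actions; grouping them under these three questions is my own choice.
SENSITIVE_ACTIONS = {
    "create or modify principals": [
        "iam:CreateUser", "iam:CreateRole", "iam:AttachUserPolicy",
        "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:UpdateAssumeRolePolicy"],
    "pass/assume roles or mint credentials": [
        "iam:PassRole", "sts:AssumeRole", "iam:CreateAccessKey", "iam:CreateLoginProfile"],
    "disable logging, encryption or network controls": [
        "cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "kms:DisableKey",
        "kms:ScheduleKeyDeletion", "ec2:DeleteFlowLogs"],
}

def _as_list(value):
    """IAM accepts a bare string wherever it accepts a list."""
    return value if isinstance(value, list) else [value]

def review_policy(policy):
    """Return (sid, question, action) findings for every Allow statement whose
    Action matches a sensitive action. Wildcards ("*", "iam:*", "iam:Create*")
    are expanded with fnmatch, case-insensitively, as IAM evaluates them."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements need a separate review
        sid = stmt.get("Sid", f"Statement{i}")
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        for question, actions in SENSITIVE_ACTIONS.items():
            for action in actions:
                if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                    findings.append((sid, question, action))
    return findings

# Constructed sample: a "deploy" policy that grants far more than deploying.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Deploy", "Effect": "Allow", "Resource": "*",
         "Action": ["lambda:UpdateFunctionCode", "iam:PassRole"]},
        {"Sid": "Admin", "Effect": "Allow", "Resource": "*", "Action": "iam:*"},
        {"Sid": "Logs", "Effect": "Allow", "Resource": "*", "Action": "logs:Get*"},
    ],
}

if __name__ == "__main__":
    for sid, question, action in review_policy(SAMPLE_POLICY):
        print(f"{sid}: can {question} via {action}")
```

The fourth check (temporary, attributable, observable) is a property of how the access is issued and logged rather than of the policy text, so it needs session and CloudTrail data instead of a policy linter.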