Identity Management
This area covers the capabilities for defining, per user, which operations can be performed on AWS services and resources, and for controlling those permissions. The AWS security services in this area are as follows.
AWS IAM(Identity and Access Management)
Provides secure control (authentication/authorization) of each user's access to AWS services and resources. Useful references for working with AWS IAM are listed below.
Bookmark
- Security in IAM and AWS STS
- Actions, resources, and condition keys for AWS services
- Welcome to the AWS Security Token Service API Reference
- Welcome to the AWS IAM Access Analyzer
- Video [AWS Summit Seoul 2018] - AWS IAM strategies for a successful cloud journey
- Video [AWS Summit Seoul 2019] - Knowing IAM policies well makes AWS security easier. Be sure to know this!
- External - Complete AWS IAM Reference
- Support - Create Cloudwatch Event rule to notify me root user account was used
- Support - Reactivate a suspended AWS account
- Support - Why did I receive an "AccessDenied" or "Invalid information" error trying to assume a cross-account IAM role?
- Solution - Automated Account Configuration
- Guide - Automatically rotate IAM user access keys
- Guide - Send a notification when an IAM user is created
- GIT - CloudTracker - A tool that reports on permissions that have never been used, based on CloudTrail logs
- GIT - Principal Mapper - Visualizes the relationships between IAM users and roles
- GIT - git-secrets - Scans git for leaked access key pairs
- GIT - Gitleaks - Scans git for leaked access key pairs
- GIT - cred_scanner - Scans git for leaked access key pairs
- GIT - SKYARK - A tool that identifies privileged IAM users and analyzes important IAM actions recorded in CloudTrail
- GIT - AWS KERBEROS STS - Example script that, after Kerberos authentication via a SAML IdP, issues a one-hour STS token so that the CLI can be used
- GIT - List of AWS Service Principals
- GIT - assume-aws-role
- GIT - Aardvark
- GIT - Repokid
- GIT - BLESS - Bastion's Lambda Ephemeral SSH Service
- GIT - iamlive
- GIT - parliament - Analyzes IAM policies for syntax errors
- Blog - Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication
- Blog - Monitor and Notify on AWS Account Root User Activity
- Blog - Setting permissions to enable accounts for upcoming AWS Regions - A blog post explaining the feature for enabling/disabling IAM for newly introduced Regions
- Blog - Create fine-grained session permissions using IAM managed policies
- Blog - How to automate SAML federation to multiple AWS accounts from Microsoft Azure Active Directory
- Blog - Introducing fine-grained IAM roles for service accounts
- Blog - Working backward: From IAM policies and principal tags to standardized names and tags for your AWS resources
- Blog - How to centralize and automate IAM policy creation in sandbox, development, and test environments
- Blog - Automate analyzing your permissions using IAM access advisor APIs
- Blog - Simplify granting access to your AWS resources by using tags on AWS IAM users and roles
- Blog - Add Tags to Manage Your AWS IAM Users and Roles
- Blog - Delegate permission management to developers by using IAM permissions boundaries
- Blog - How to Rotate Access Keys for IAM Users
- Blog - Use IAM to share your AWS resources with groups of AWS accounts in AWS Organizations
- Blog - Unit testing IAM policies across multiple accounts
- Blog - AWS IAM introduces updated policy defaults for IAM user passwords
- Blog - Easily control the naming of individual IAM role sessions
- Blog - Enhance programmatic access for IAM users using a YubiKey for multi-factor authentication
- Blog - New! Streamline existing IAM Access Analyzer findings using archive rules
- Blog - How to automatically archive expected IAM Access Analyzer findings
- Blog - New IAMCTL tool compares multiple IAM roles and policies
- Blog - How to use trust policies with IAM roles
- Blog - Techniques for writing least privilege IAM policies
- Blog - Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service
- Blog - Identify unused IAM roles and remove them confidently with the last used timestamp
- Blog - How to scale your authorization needs by using attribute-based access control with S3
- Blog - Validate access to your S3 buckets before deploying permissions changes with IAM Access Analyzer
- Blog - Reset Your AWS Root Account’s Lost MFA Device Faster by Using the AWS Management Console
- Blog - IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity
- Blog - How to relate IAM role activity to corporate identity
- Blog - How to use AWS IAM Access Analyzer API to automate detection of public access to AWS KMS keys
- Blog - Review last accessed information to identify unused EC2, IAM, and Lambda permissions and tighten access for your IAM roles
- Blog - How to implement SaaS tenant isolation with ABAC and AWS IAM
- Blog - IAM makes it easier for you to manage permissions for AWS services accessing your resources
- Blog - Automate resolution for IAM Access Analyzer cross-account access findings on IAM roles
- Blog - Use IAM Access Analyzer to generate IAM policies based on access activity found in your organization trail
- Blog - Managing temporary elevated access to your AWS environment
- Blog - Journey to Adopt Cloud-Native Architecture Series: #4 – Governing Security at Scale and IAM Baselining
- Blog - How Setting Up IAM Users and IAM Roles Can Help Keep Your Startup Secure
- Blog - How to integrate AWS STS SourceIdentity with your identity provider
- Blog - How to control access to AWS resources based on AWS account, OU, or organization
- Blog - Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere
- Blog - Eligible customers can now order a free MFA security key
- Blog - How to centralize findings and automate deletion for unused IAM roles
- Blog - Announcing an update to IAM role trust policy behavior
AWS Organizations
Provides policy-based management of multiple AWS accounts. Useful references for working with AWS Organizations are listed below.
Bookmark
- Security in AWS Organizations
- Security in AWS Account Management
- Best Practice - AWS Multiple Account Security Strategy – Best practices and management strategies for efficiently managing a multi-account environment
- Best Practice - Establishing your best practice AWS environment
- Support - How do I move accounts between organizations in AWS Organizations?
- Support - How do I close my Amazon Web Services account?
- Video [AWS Summit Seoul 2017] - Strategies for improving security and visibility in a multi-account environment
- GIT - access-analyzer at master
- Blog - New! Set permission guardrails confidently by using IAM access advisor to analyze service-last-accessed information for accounts in your AWS organization
- Blog - How to Use Service Control Policies in AWS Organizations
- Blog - An easier way to control access to AWS resources by using the AWS organization of IAM principals
- Blog - How to use service control policies to set permission guardrails across accounts in your AWS Organization - Explains the Resource, NotAction, and Condition elements added to SCPs
- Blog - Best Practices for Organizational Units with AWS Organizations
- Blog - How to use AWS Organizations to simplify security at enormous scale
- Blog - Building a Shared Account Structure Using AWS Organizations
- Blog - Best practices for creating and managing sandbox accounts in AWS
- Blog - Cost Reporting Based on AWS Organizations Account ID Tags
- Blog - Simplifying permissions management at scale using tags in AWS Organizations
- Blog - Use IAM to share your AWS resources with groups of AWS accounts in AWS Organizations
- Blog - How to perform automated incident response in a multi-account environment
- Blog - Managing the account lifecycle in account-per-tenant SaaS environments on AWS
- Blog - Update the alternate security contact across your AWS accounts for timely security notifications
- Blog - Migrating accounts between AWS Organizations with consolidated billing to all features
- Blog - Field Notes: Building Multi-Region and Multi-Account Tools with AWS Organizations
- Blog - Securing resource tags used for authorization using a service control policy in AWS Organizations
- Blog - Programmatically managing alternate contacts on member accounts with AWS Organizations
- Blog - Implement AWS resource tagging strategy using AWS Tag Policies and Service Control Policies (SCPs)
- Blog - Identity Guide – Preventive controls with AWS Identity – SCPs
- Blog - AWS Organizations now provides a simple, scalable and more secure way to close your member accounts
- Blog - Get more out of service control policies in a multi-account environment
AWS Resource Access Manager
Provides management of resource sharing between accounts in a multi-account environment. Useful references for working with Resource Access Manager are listed below.
Bookmark
- Security in AWS RAM
- Video - YouTube - AWS RAM Console Demo
- Blog - VPC sharing: A new approach to multiple accounts and VPC management
- Blog - One to Many: Evolving VPC Design
- Blog - Control VPC sharing in an AWS multi-account setup with service control policies
AWS IAM Identity Center(Single Sign-On)
Provides a centrally managed single sign-on (SSO) service, acting as the IdP, for the AWS console and business applications that support SAML 2.0. Useful references for working with AWS IAM Identity Center are listed below.
Bookmark
- Security in AWS Single Sign-On
- Welcome to the AWS SSO Identity Store API Reference Guide
- Welcome to the AWS SSO OpenID Connect (OIDC) API Reference Guide
- Welcome to the AWS SSO Portal API Reference Guide
- Tutorial: Azure AD integration with AWS - Microsoft site, integration between Azure AD and AWS SSO
- Video [AWS Cloud 2018] - AWS security feature updates, including Amazon GuardDuty, the AI-based threat detection service
- Video [AWS Unboxing Online Seminar] - A deep dive into the AWS Single Sign-On (SSO) service
- Video [AWS] - Demo of AWS Single Sign-On (SSO) with Azure Active Directory
- Blog - How to create and manage users within AWS Single Sign-On - Explains how to map and manage AWS SSO AD groups/users to an Organization
- Blog - How to retrieve short-term credentials for CLI use with AWS Single Sign-on
- Blog - AWS Single Sign-On integration with SAP Fiori in S/4HANA
- Blog - Enabling federation with AWS Single Sign-On and Amazon Connect
- Blog - How to enable secure access to Kibana using AWS Single Sign-On
- Blog - The Next Evolution in AWS Single Sign-On - Integration between Azure AD and AWS SSO
- Blog - Enabling AWS Single Sign-On Service (SSO) Integration with Databricks Control Plane
- Blog - Single Sign-On between Okta Universal Directory and AWS
- Blog - How to use G Suite as an external identity provider for AWS SSO
- Blog - On-Demand SCIM provisioning of Azure AD to AWS SSO with PowerShell
- Blog - Get ready for upcoming changes in the AWS Single Sign-On user sign-in process
- Blog - Onboarding Amazon SageMaker Studio with AWS SSO and Okta Universal Directory
- EXT. Blog - AWS IAM Privilege Escalation – Methods and Mitigation
- Blog - New – Attribute-Based Access Control with AWS Single Sign-On
- Blog - How to bulk import users and groups from CSV into AWS SSO
- Blog - How to delegate management of identity in AWS Single Sign-On
- Blog - How AWS SSO Active Directory sync enhances AWS application experiences
- Blog - Federate Amazon Redshift access with Microsoft Azure AD single sign-on
- Blog - Using AWS SSO with Microsoft Azure AD to federate to AWS GovCloud (US)
- Blog - Field Notes: Integrating Active Directory Federation Service with AWS Single Sign-On
- Blog - Build an end-to-end attribute-based access control strategy with AWS SSO and Okta
- Blog - Federated Access to AWS Single Sign-On with CyberArk Workforce Identity
- Blog - How to enable secure seamless single sign-on to Amazon EC2 Windows instances with AWS SSO
- Blog - Authenticate AWS Client VPN users with AWS Single Sign-On
- Blog - Use new account assignment APIs for AWS SSO to automate multi-account access
- Blog - Configure AWS SSO ABAC for EC2 instances and Systems Manager Session Manager
- Blog - Integrating Dropbox with AWS SSO for governed file sharing in an AWS Control Tower environment
- Blog - Securing AWS Accounts with Azure Active Directory Federation
- Blog - Getting started with AWS SSO delegated administration
- Blog - Scale your workforce access management with AWS IAM Identity Center (previously known as AWS SSO)
- Blog - How to use customer managed policies in AWS IAM Identity Center for advanced use cases
- Blog - Manage permission sets and account assignments in AWS IAM Identity Center with a CI/CD pipeline
- Blog - Accelerate AWS IAM Identity Center (Successor to AWS Single Sign-On) Implementation using AWS Cloud Development Kit (AWS CDK)
- Blog - Integrate AWS IAM Identity Center (successor to AWS Single Sign-On) with AWS Lake Formation fine-grained access controls
- Blog - Announcing new AWS IAM Identity Center APIs to manage users and groups at scale
AWS Control Tower
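For enterprise customers, this service automatically sets up a secure, well-architected multi-account environment based on AWS best practices for multiple accounts. The services needed to manage a multi-account environment efficiently and scalably, such as AWS Organizations, Single Sign-On, Config, and Service Catalog, are configured automatically. Useful references for working with AWS Control Tower are listed below.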
Bookmark
- Security in AWS Control Tower
- Video - Provisioning Users in AWS Control Tower Using AWS SSO
- Video - Designing cloud security and governance with AWS Control Tower
- Case study - AWS customer case study: LINE Games
- GIT - Centralize SecurityHub - Enables Security Hub across all accounts
- QuickStart - Customizations for AWS Control Tower
- QuickStart - Cloud One Conformity AWS Control Tower integration
- Blog - Enabling self-service provisioning of AWS resources with AWS Control Tower
- Blog - How to Detect and Mitigate Guardrail Violation with AWS Control Tower
- Blog - AWS Control Tower Detective Guardrails as an AWS Config Conformance Pack
- Blog - Enroll existing AWS accounts into AWS Control Tower
- Blog - Monitoring resources in an AWS Control Tower environment using Splunk from AWS Marketplace
- Blog - VPC Flow Log automation using AWS Control Tower LifeCycle
- Blog - How to get read-only visibility into the AWS Control Tower console
- Blog - Enabling guardrails in new AWS Regions the AWS Control Tower supports
- Blog - Extend a self-managed Active Directory to AWS Control Tower
- Blog - Self-service VPCs in AWS Control Tower using AWS Service Catalog
- Blog - How managed service providers can use AWS Control Tower to provide services
- Blog - Enabling Amazon GuardDuty in AWS Control Tower using Delegated Administrator
- Blog - Managing the multi-account environment using AWS Organizations and AWS Control Tower
- Blog - Securely scale multi-account architecture with AWS Network Firewall and AWS Control Tower
- Blog - Extend AWS Control Tower governance using AWS Config Conformance Packs
- Blog - How to automate the creation of multiple accounts in AWS Control Tower
- Blog - Enabling AWS IAM Access Analyzer on AWS Control Tower accounts
- Blog - Enroll Existing AWS Accounts into AWS Control Tower
- Blog - Migrating custom Landing Zone with RAM to AWS Control Tower
- Blog - Use AWS Control Tower to deploy AWS Quick Starts to multiple accounts
- Blog - New for AWS Control Tower – Region Deny and Guardrails to Help You Meet Data Residency Requirements
- Blog - Field Notes: Clear Unused AWS SSO Mappings Automatically During AWS Control Tower Upgrades
- Blog - Field Notes: Perform Automations in Ungoverned Regions During Account Launch Using AWS Control Tower Lifecycle Events
- Blog - Automate multi account data access in AWS using Couchbase and AWS Control Tower
- Blog - Automate multi account identity governance in AWS using Ermetic and AWS Control Tower
- Blog - Migrate AWS Landing Zone solution to AWS Control Tower
- Blog - AWS Control Tower Best Practices for AWS Solution Providers
- Blog - Supporting Data Residency Requirements by Extending AWS Control Tower Governance to Non-supported Regions
- Blog - Unified multi-account security and compliance with Sysdig Secure and AWS Control Tower
- Blog - Managing AWS account lifecycle in AWS Control Tower using the Account Close API
- Blog - Delegate account factory creation to parts of your organization with AWS Control Tower
- Blog - IP Address Management for AWS Control Tower
- Blog - AWS Cloud WAN and Amazon VPC IPAM with AWS Control Tower
- Blog - Customize AWS Config resource tracking in AWS Control Tower environment
Amazon Cognito
Provides user sign-up, authentication, and access control for customers' web and mobile application environments. Useful references for working with Amazon Cognito are listed below.
Bookmark
- Security in Amazon Cognito
- API - SetUICustomization - API for customizing the logo and CSS of the authentication screen of the built-in app that uses a Cognito User Pool
- Authenticate Users Using an Application Load Balancer - Explains how an ALB authenticates all requesters using OIDC or a Cognito User Pool
- Video [AWS Summit Seoul 2018] - The complete guide to authentication in serverless development
- GIT - aws-cognito-apigw-angular-auth
- GIT - AWS Lambda SAP OAuth Token Generator
- GIT - Amazon Cognito sample application for Node.js
- GIT - Amazon Cognito Sync Manager for JavaScript
- GIT - Identity and Access Control for Custom Enterprise Applications - Sample integrating CUP with OpenID, SAML, and social IdPs
- GIT - Demo of the integration flow between the built-in login and an application using JWT tokens
- GIT - Okta : Integrating IdP Sign In with Cognito
- GIT - Angular Lib for OpenID Connect & OAuth2
- GIT - cognito-learning: Learning how Cognito implements the OAuth flows
- QuickStart - Cognito User Profiles Export Reference Architecture
- Support - How do I set up Okta as a SAML identity provider in an Amazon Cognito user pool?
- Support - How do I set up Auth0 as a SAML identity provider in an Amazon Cognito user pool?
- Support - How do I set up AD FS as a SAML identity provider in an Amazon Cognito user pool?
- Support - How do I set up OneLogin as a SAML identity provider in an Amazon Cognito user pool?
- Support - How can I decode and verify the signature of an Amazon Cognito JSON Web Token?
- Support - How do I enable TOTP as a multi-factor authentication for Amazon Cognito user pools?
- Support - Remember devices in an Amazon Cognito user pool
- QuickStart - SaaS identity and isolation with Amazon Cognito
- Solution - Multi-Region User Pools - CFN template that configures Cognito across multiple Regions
- Solution - Cognito User Profiles Export Reference Architecture
- Guide - Access AWS services from an ASP.NET Core app using Amazon Cognito identity pools
- Blog - How to Set Up Player Authentication with Amazon Cognito
- Blog - Implementing passwordless email authentication with Amazon Cognito
- Blog - Understanding Amazon Cognito user pool OAuth 2.0 grants
- Blog - Building ADFS Federation for your Web App using Amazon Cognito User Pools
- Blog - Serverless File Upload with AWS Cognito and S3
- Blog - AWS Cognito User Pool Access Token Invalidation
- Blog - Secure API Access with Amazon Cognito Federated Identities, Amazon Cognito User Pools, and Amazon API Gateway
- Blog - Now generally available: Amazon Cognito Authentication Extension Library
- Blog - Migrating Users to Amazon Cognito User Pools
- Blog - Simplify Login with Application Load Balancer Built-in Authentication - Describes a demo site and the configuration of the ALB user authentication feature
- Blog - Use Amazon QuickSight Federated Single Sign-On with Amazon Cognito User Pools - A blog post explaining SAML 2.0-based SSO integration between a Cognito User Pool and QuickSight using API Gateway and Lambda
- Blog - Role-based access control using Amazon Cognito and an external identity provider
- Blog - How to configure Duo multi-factor authentication with Amazon Cognito
- Ext. Blog - Setup AWS Cognito User Pool with an Azure AD identity provider to perform single sign-on (SSO) authentication in mobile app (Part 1)
- Ext. Blog - Cognito Wiki
- Blog - How to implement password-less authentication with Amazon Cognito and WebAuthn
- Blog - How to add authentication to a single-page web application with Amazon Cognito OAuth2 implementation
- Blog - Managing SaaS Identity Through Custom Attributes and Amazon Cognito
- Amazon Cognito now supports the SMS sandbox in Amazon SNS
- Blog - Building fine-grained authorization using Amazon Cognito, API Gateway, and IAM
- Blog - How to Use Cognito Pre-Token Generation trigger to Customize Claims In ID Tokens
- Blog - Protect public clients for Amazon Cognito by using an Amazon CloudFront proxy
- Blog - How to set case sensitivity in the Amazon Cognito console
- Blog - Implement OAuth 2.0 device grant flow by using Amazon Cognito and AWS Lambda
- Blog - How to set up Amazon Cognito for federated authentication using Azure AD
- Blog - Extending Amazon Cognito with Email OTP for 2FA using Amazon SES
- Blog - Tracking and Remembering Devices Using Amazon Cognito Your User Pools
- Blog - Enriching Amazon Cognito features with an Amazon API Gateway proxy
- Blog - Amazon Cognito launches support for in-Region integration with Amazon SES and Amazon SNS
- Blog - Use Amazon Cognito to add claims to an identity token for fine-grained authorization
- Blog - Web application access control patterns using AWS services
AWS Directory Service
Provides a managed Microsoft Active Directory environment offered by AWS. Useful references for working with AWS Directory Service are listed below.
Bookmark
- Security in AWS Directory Service
- Join an EC2 instance to your AWS Managed Microsoft AD directory
- MS AD - AWS Managed Microsoft AD
- AD Connector - Active Directory Connector
- Simple AD - Simple Active Directory
- Cloud Directory - Logging AWS Directory Service API Calls Using CloudTrail
- Whitepaper - Active Directory Domain Services on AWS - Design and planning guide
- Forum - Run Your Microsoft SharePoint and SQL Server Always On Availability Groups in the AWS Cloud More Easily by Using AWS Directory Service for Microsoft Active Directory
- GIT - AmazonCloudDirectory Sample
- GIT - aws-azure-login
- QuickStart - Duo MFA(on Radius Proxy) with AWS Directory Service - A Quick Start that makes it easy to configure MFA on AWS DS using the Duo MFA product
- Guide - Authenticate Microsoft SQL Server on Amazon EC2 using AWS Directory Service
- Support - How do I use AD FS to grant Active Directory users access to the API or AWS CLI?
- Blog - How to Set Up SSO to the AWS Management Console for Multiple Accounts by Using AD FS and SAML 2.0
- Blog - How to seamlessly domain join Amazon EC2 instances to a single AWS Managed Microsoft AD Directory from multiple accounts and VPCs
- Blog - How to Enable LDAPS for Your AWS Microsoft AD Directory
- Blog - How AWS Managed Microsoft AD Helps to Simplify the Deployment and Improve the Security of Active Directory–Integrated .NET Applications
- Blog - How to prompt users to reset their AWS Managed Microsoft AD passwords proactively
- Blog - How to Enable the Use of Remote Desktops by Deploying Microsoft Remote Desktop Licensing Manager on AWS Microsoft AD
- Blog - How to Migrate Your Microsoft Active Directory Users to Simple AD or AWS Managed Microsoft AD
- Blog - How to migrate your on-premises domain to AWS Managed Microsoft AD using ADMT
- Blog - How to Access the AWS Management Console Using AWS Microsoft AD and Your On-Premises Credentials
- Blog - Use attribute-based access control with AD FS to simplify IAM permissions management
- Blog - How to rapidly develop applications on Amazon Cloud Directory with Managed Schema
- Blog - How to Search More Efficiently in Amazon Cloud Directory
- Blog - New Cloud Directory API Makes It Easier to Query Data Along Multiple Dimensions
- Blog - How to Create an Organizational Chart with Separate Hierarchies by Using Amazon Cloud Directory
- Blog - How to improve LDAP security in AWS Directory Service with client-side LDAPS
- Blog - Seamlessly Join a Linux Instance to AWS Directory Service for Microsoft Active Directory
- Blog - How to configure an LDAPS endpoint for Simple AD
- Blog - How to Configure Even Stronger Password Policies to Help Meet Your Security Standards by Using AWS Directory Service for Microsoft Active Directory
- Blog - Enable Office 365 with AWS Managed Microsoft AD without user password synchronization
- Blog - Multi-Region Replication Now Enabled for AWS Managed Microsoft Active Directory
- Blog - How to Enable Your Users to Access Office 365 with AWS Managed Microsoft AD
- Blog - Manage your AWS Directory Service credentials using AWS Secrets Manager
- Blog - Everything you wanted to know about trusts with AWS Managed Microsoft AD
- Blog - Securely extend and access on-premises Active Directory domain controllers in AWS
- Blog - Integrate Okta to Extend Active Directory Infrastructure into AWS
- Blog - Build a strong identity foundation that uses your existing on-premises Active Directory
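Other useful links related to identity management
- AWS security credentials
- Comparison of AWS account root user credentials and IAM user credentials
- AWS tasks that require AWS account root user credentials
- Understanding and getting your security credentials
- AWS account identifiers
- Best practices for managing AWS access keys
- Managing access keys for the AWS account root user
- Best Practice - AWS Secure Initial Account Setup – An introduction to the security settings and features to check or consider when an AWS account is first created
- Managing AWS Regions
- Support - How do I transfer my account to another person or business?
- Support - What do I do if I notice unauthorized activity in my AWS account?
- Real-Time Insights on AWS Account Activity – A template that extracts statistics and anomalous events from console login events in CloudTrail and displays them on a dashboard
- AWS Best Practice: Azure AD SAML Authentication Configuration for AWS Console - External site, how to integrate SAML-based authentication between Azure AD and the AWS console
- AWS Landing Zone - Introduces a solution for building a secure multi-account environment based on AWS-recommended best practices
- GIT - terraform-aws-secure-baseline - Terraform that creates an AWS account environment with the CIS Benchmark 1.2 baseline applied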
- GIT - AWS Secure Environment Accelerator
- Centrify : Adding and configuring a Custom SAML application - External document
- G-Suite : Set up your own custom SAML application - External document
- PING Identity : Add or update a SAML application - External document
- Blog - How to automate SAML federation to multiple AWS accounts from Microsoft Azure Active Directory
- Blog - Zero Trust architectures: An AWS perspective
- Blog - Approaches for authenticating external applications in a machine-to-machine scenario
- Blog - Essential security for everyone: Building a secure AWS foundation
- Blog - Automatically tag new AWS resources based on identity or role
- Blog - How to think about Zero Trust architectures on AWS
- Blog - Defining an AWS Multi-Account Strategy for a Digital Bank
- Blog - Enhance programmatic access for IAM users using a YubiKey for multi-factor authentication
- Blog - Top 10 security items to improve in your AWS account
- Blog - How UnitedHealth Group Improved Disaster Recovery for Machine-to-Machine Authentication
- Blog - Establishing a data perimeter on AWS
Remarks
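- All content on this site is subject to change or revision.
- For official, detailed information, refer to http://aws.amazon.com.
- If you disagree with any of the content provided or find a broken link, please email the administrator (gisunlim@amazon.com); it would be greatly appreciated.
Privacy Policy | Site Terms | © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.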