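"From Static to Dynamic: Modernizing AWS Access Management [Repeat].pdf" was shared by a member and can be read online; for more material related to "From Static to Dynamic: Modernizing AWS Access Management [Repeat].pdf (38 pages, collector's edition)", search on 三个皮匠报告.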
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

SEC333-R
From Static to Dynamic: Modernizing AWS Access Management

Meg Peddada (She/Her), Senior Partner Solutions Architect, Global Financial Services
Liam Wadman (He/Him), Principal Solutions Architect, AWS Identity

Agenda
01 Setting the scene
02 The AWS SDK and credentials
03 IAM Roles Anywhere
04 SAML Federation
05 Web Identity
06 SSM Hybrid Activations
07 Credential Brokers
08 Recap, Q&A

Recap on AWS Creds

~/.aws/credentials
profile default
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Sigv4
Humans, Machines

GET / HTTP/1.1
Host:
Authorization: SeeNextSlide
bucket-region=us-east-1&continuation-token=10&max-buckets=50&prefix=reinvent

Amazon S3

Recap on Sigv4

~/.aws/credentials
profile default
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/TODAYSDATE/AWS-REGION/s3/aws4_request,Signature

kSecret  = AWS4 + wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
kDate    = HMAC-SHA256(kSecret, TODAYSDATE)
kRegion  = HMAC-SHA256(kDate, AWS-REGION)
kService = HMAC-SHA256(kRegion, s3)
kSigning = HMAC-SHA256(kService, aws4_request)
Signature = HMAC-SHA256(kSigning, StringToSign)

Mapping the problem

Passwords, Credential files, Code repos
Humans, Machines
Sticky under the keyboard
Excel
Paste bin
Hardcoded in images
Repository
Password managers
Environment variables
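The key-derivation chain from the "Recap on Sigv4" slide, carried through in Python as an added example (not code from the slides or from AWS). It shows that a signature only verifies under the date, region and service it was derived for. The timestamp, date, region, host name and simplified canonical request are constructed sample values.

```python
import hashlib
import hmac

# Documentation example credentials shown on the slide; not real keys.
SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def derive_signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Chain from the slide: kSecret -> kDate -> kRegion -> kService -> kSigning."""
    k_secret = ("AWS4" + secret).encode("utf-8")
    k_date = _hmac(k_secret, date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")

def string_to_sign(timestamp: str, date: str, region: str, service: str,
                   canonical_request: str) -> str:
    """SigV4 StringToSign: algorithm, timestamp, credential scope, request hash."""
    scope = f"{date}/{region}/{service}/aws4_request"
    digest = hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()
    return "\n".join(["AWS4-HMAC-SHA256", timestamp, scope, digest])

def sign(secret, timestamp, date, region, service, canonical_request) -> str:
    key = derive_signing_key(secret, date, region, service)
    sts = string_to_sign(timestamp, date, region, service, canonical_request)
    return _hmac(key, sts).hex()

def verify(secret, timestamp, date, region, service, canonical_request, sig) -> bool:
    """Receiver side: recompute for the claimed scope, compare in constant time."""
    expected = sign(secret, timestamp, date, region, service, canonical_request)
    return hmac.compare_digest(expected, sig)

# Constructed sample values (assumptions, not from the slides).
REQ = "GET\n/\nprefix=reinvent\nhost:s3.example.invalid\n\nhost\nUNSIGNED-PAYLOAD"
TS, DATE, REGION = "20250101T000000Z", "20250101", "us-east-1"

if __name__ == "__main__":
    sig = sign(SECRET, TS, DATE, REGION, "s3", REQ)
    print("Credential=%s/%s/%s/s3/aws4_request" % (ACCESS_KEY_ID, DATE, REGION))
    print("Signature=" + sig)
    print("same scope:", verify(SECRET, TS, DATE, REGION, "s3", REQ, sig))
    print("next day  :", verify(SECRET, TS, "20250102", REGION, "s3", REQ, sig))
    print("other svc :", verify(SECRET, TS, DATE, REGION, "sts", REQ, sig))
```

The derived key is bound to one day, region and service, but anyone holding the long-term secret from the credentials file can derive the key for any scope.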