Learn why Just-in-Time (JIT) access is essential for Zero Trust security in AWS environments. Discover how StrongDM's JIT access enhances security, optimizes workflows, and ensures compliance with Zero Trust principles.
StrongDM manages and audits access to infrastructure.
- Role-based, attribute-based, & just-in-time access to infrastructure
- Connect any person or service to any infrastructure, anywhere
- Logging like you've never seen
re:Invent 2023 was AWS’ 12th conference, and it did not disappoint. More than 50,000 of us descended onto Las Vegas for a week of learning, networking, and discussing all things cloud. The campus was insanely large, spanning most of the Las Vegas strip, so that meant we got our steps in! We had some fun along the way, as well, at the many social gatherings, parties and amazing musical experience re:Play.
It was great to hear Adam Selipsky, CEO of AWS say at his keynote:
“re:Invent remains, above all, a learning conference”
And this is so true. Tons of sessions were available to learn from. As for StrongDM, we learned tremendously… from our customers, future customers, and friends old and new.
We also listened intently. We enjoyed the thousands of conversations our executives and booth staff had in our booth during the week. Some of them were sobering and timely conversations about security issues that could be corrected with our help. We heard you loud and clear that you want more out of your access management solution. You want to rip out your legacy PAM and bring in true Dynamic Access Management that spans your legacy and cloud-native environments. You want to achieve actual wins that don’t just sound good on a white paper: You want Zero Standing Access, Zero Standing Privileges, and Zero Exposed Credentials.
StrongDM Continuous Zero Trust Authorization
Our CTO, Justin McCarthy, also presented something revolutionary on opening night: Continuous Zero Trust Authorization with Strong Policy Engine. Justin showed off how we’ll have real-time monitoring of access and operations across your infrastructure and the ability to enforce contextual access policies in real time. People were amazed and commented to us that this is not the PAM they know and hate. We built our new Strong Policy Engine on top of the AWS Cedar policy language, which allows us to implement an extremely fast and fine-grain in-line authorization engine that can make access decisions in milliseconds while the session is active.
From Sarah Cecchetti, Head of Product, Cedar, AWS:
“Software teams are building new applications for different use cases, and their security tooling must keep pace with them. They need ways to evaluate access continuously, not just at the point of entry. This includes robust security policies that are enforced in real time, all the time, and policy decisions that are informed by knowledge of the context on the ground. AWS created the Cedar policy language as a building block so that companies like StrongDM can build provable security into a new class of tools that are both easy and reliable. This next step in Zero Trust authorization has been a long time coming, and we're incredibly excited for this launch.”
We are excited to be working on this new evolution in dynamic access and will be making more announcements in the coming months.
Notable Announcements from AWS
It’s no surprise that AWS makes major announcements of new or updated services every year, and 2023 was no exception. Of those many announcements, we picked a few that we think are important to call out.
1. Amazon RDS for Db2IBM Db2 is now fully managed and part of Amazon RDS. Databases have been near and dear to us since the very beginning, and we’re pleased to announce that we have out-of-the-box support for the newest flavor of RDS. Read more details here.
2. IAM Access Analyzer Updates: Unused AccessWe’re huge fans of finding, reporting, and removing unused access, and welcome the newest capabilities in AWS IAM that allow our mutual customers to get closer to nuking unused and standing access once and for all. With this new capability, AWS allows admins to review unused IAM users/roles, access keys, passwords, services, and actions. We like the sound of that.
3. Amazon EKS Pod IdentityEKS specifically, and Kubernetes as a whole, is one of our favorite resource types that we support. We like to see AWS implement this new feature in EKS that allows EKS admins to configure new pods to have IAM roles associated with Kubernetes service accounts, giving pods finer grain access controls and least privilege access to AWS services.
There were many, many more announcements, too many to list here, but we’ll make an additional honorable mention: the innovation of AWS’ oldest service, S3, continues! Just ask our CEO, Tim Prendergast, who met S3 Bucket in real life!
Looking Ahead
We look forward to what AWS will have in store for the cloud world at its premiere event next year. We are certain that we will continue to evolve Dynamic Access Management for the modern world. Who knows, you may even see us in Philly for re:Inforce… In the meantime, follow our StrongDM loves AWS page.
I don’t know about you, but I think I need to soak my aching feet for another week after all that walking!
Want to see StrongDM in action? Book a demo.
About the Author
💙 this post?
Then get all that StrongDM goodness, right in your inbox.
You May Also Like
By simplifying the ability to enforce granular policies, Cedar has set a new benchmark for access control in Kubernetes, and we’re thrilled to be part of this journey. This evolution is a milestone for anyone dedicated to securing cloud infrastructure.
We are pleased to announce that Amazon has accepted StrongDM's native Go implementation of Cedar into the Cedar Policy Organization's official GitHub repository. This allows Go developers to use Cedar, a security and authorization framework built to be fast, secure, and analyzable natively in their Go programs.
The AWS Well-Architected Framework has been a staple for many years for AWS practitioners of all sorts, including cloud architects and platform engineers. It’s a blueprint for architectural and design best practices that will lay the foundation for resilience, operational efficiency, and security on the AWS Cloud.
