Learn about federating AWS CLI access in this 24-minute conference talk from BSides San Francisco 2015. Explore the challenges of secure credential management and discover solutions using credential services, SAML, LDAP, and Shibboleth. Examine the implementation of AWS Security Token Service (STS) and the Aeris system. Discuss known issues, potential problems, and future improvements for federated AWS CLI access. Gain insights into enhancing security and streamlining authentication processes for AWS command-line operations.
Overview
Syllabus
Intro
Introductions!
Agenda
Why are we doing this?
Media examples
Or maybe something like this?
How can we fix this?
If only there was a credential service!?
Now we need a middleman that can talk SAML and LDAP...
Shibboleth
Knowns, Unknowns, Success Factors
AWS STS what?
How do we do this? Thought process...
Aeris (high level)
Wait... 1 hour creds right?
Process diagram
Issues: Documentation • Session token use was not documented
Issues: Bugs • Boo's STS library was hardcoded with AnonFalse 10U'RE WELCOME
Potential future problems (cont.)
Pre-release Improvements
Future Improvements
