How to Minimize Unintended Access and Achieve Least Privilege with Ermetic and AWS
Lior Zatlavi explains how to set up the platform in your environment and get maximum value
In his recent post for the AWS Partner Network (APN) Blog, Lior Zatlavi takes a look at minimizing unintended access and achieving least privilege with Ermetic and AWS.
He sets up a scenario in which an identity has unintended access to a workload at the same time that it has access to an AWS Identity and Access Management (IAM) role with AWSS3FullAccess attached. He then offers the same situation "when that IAM role has a right-sized IAM policy that only allows access to the specific buckets and actions required to perform its business functions."
The difference between these two scenarios has massive implications "for business continuity, data privacy, and regulatory sanctions—or all of the above," says Lior. "Unfortunately, just figuring out the effective permissions of each identity in your environment can be overwhelming."
This is exactly why Ermetic developed a permissions analysis engine to automatically perform this task for both human and workload identities in an environment.
Read the full post on the APN blog to understand the real-world challenges the Ermetic platform can help you address. In the post, Lior explains how to set up the platform in your environment and get maximum value.