SEC324: How Vanguard Matured IAM Controls to Support Micro Accounts - a podcast by AWS

In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.

Further episodes of AWS re:Invent 2018

Further podcasts by AWS

Website of AWS