ACD402

Your AWS root credential set

Room: Room 4 | Time: 11:00

Is it secret? Is it safe? Managing the one credential set to rule them all comes with a considerable amount of effort. Even worse, AWS provides APIs to effectively privilege escalate a normal AWS admin role/user to root. What paths can a hacker take to completely takeover your AWS account, or even organization, and what mechanisms can you implement to combat this?

Carlo van Overbeek
Security DevOps Engineer Cloud