In this lab, you will configure AWS Identity and Access Management (IAM) at enterprise scale. You will design and implement least-privilege policies, role-based access control (RBAC), and attribute-based access control (ABAC) across multiple projects. The lab also guides you through automating credential rotation with AWS Secrets Manager and enforcing multi-factor authentication (MFA) for access. Finally, to ensure governance and compliance, you will configure AWS Organizations with service control policies (SCPs) and use CloudTrail to audit and monitor IAM actions.
A fintech company is rapidly growing and needs to scale its AWS IAM architecture. The security team wants to ensure that least-privilege access is enforced. They are also focused on automating security operations where possible to reduce human error and meet audit requirements. Implementing IAM at scale will involve integrating with multiple AWS services and enforcing security best practices across multiple accounts.