06-12, 14:00–14:40 (US/Pacific), Salon B
Large scale heterogeneous data sets cannot always be locked down using readily available tools, like AWS IAM. With some understanding of how access is provisioned and requests are signed, however, we can build a dynamic control plane that provides access to data in a flexible and highly auditable manner that is compatible with least privilege. This talk will cover techniques for providing just-in-time access to data in any cloud datastore, with primary focus on Amazon's S3 and Google's GCS object stores.
Josh is a software engineer whose specializations include infrastructure automation, databases, and cryptography. His recent work has focused on software supply chain and infrastructure security.