fwd:cloudsec Europe 2024

Marcus Hallberg

My name is Marcus, a security engineer at heart, and I work for Spotify in Stockholm, Sweden. I spend my time with a mix of detection and response as well as cloud security, where my passion is in forensics and automation. When I have time off, I enjoy rock climbing, folk dancing and cross-country skiing.


Session

09-17
16:00
20min
GCP and AWS identity federation - lessons learned from the field as well as cross-cloud forensics and incident response.
Marcus Hallberg, Attila Dulovics

Our presentation is about identity federation between GCP and AWS using AssumeRoleWithWebIdentity. We will share our setup and lessons learned from implementing this in production at Spotify, as well as how we verify service identity between different cloud providers. Additionally, we will discuss the setup for use cases such as cross-cloud forensics and incident response.

In our session we’ll take a deep dive into the AssumeRoleWithWebIdentity API and show how we can use it both with native cloud SDKs and by building our own self-signed token service to automate various use cases. Our presentation will cover:
- A deep dive into identity federation between GCP and AWS using AssumeRoleWithWebIdentity.
- Our journey implementing this in production and our lessons learned.
- A demonstration of how this can be used for cross-cloud forensics and incident response purposes, e.g. collecting forensic artifacts between GCP projects and AWS accounts.

We’ll also cover options for how to automate the above methods for cross-cloud forensic purposes.

Defending the Cloud
Main Room