Day 2. IAM is the thing everyone skips and then breaks production with. Doing it properly now while the projects are small.
Topics to cover:
- IAM core model — users, roles, policies, principals, and how a request gets evaluated
- Writing least-privilege policies — Action / Resource / Condition keys, common patterns
- Cross-account roles and STS AssumeRole — when and why
- Agent-side security — prompt injection, tool authorization, scoped per-user credentials
- Secrets handling — Secrets Manager vs Parameter Store, rotation, KMS basics
Plan: Chandana on policies and AssumeRole, me on agent-side threats, both of us on secrets handling.
Day 2. IAM is the thing everyone skips and then breaks production with. Doing it properly now while the projects are small.
Topics to cover:
Plan: Chandana on policies and AssumeRole, me on agent-side threats, both of us on secrets handling.