1. Introduction

Workshop Overview

This workshop will guide you through implementing a comprehensive Identity Governance system with Access Certification on AWS, including:

  • Access Governance: Managing and controlling access rights
  • Certification Automation: Automating access certification processes
  • Privilege Analytics: Analyzing and monitoring privileges
  • Risk Assessment: Security risk evaluation
  • Monitoring Setup: Setting up continuous monitoring
  • Operational Procedures: Operational processes
  • Audit Procedures: Audit processes
  • Compliance Validation: Compliance verification

Overall Architecture

Architecture Diagram

AWS Services Used (Minimal Architecture)

  • AWS IAM Identity Center - Centralized access management
  • AWS IAM - Identity and access management
  • AWS Lambda - Automation and processing functions
  • Amazon EventBridge - Event-driven orchestration
  • Amazon DynamoDB - Data storage for certifications
  • Amazon S3 - Log storage and data lake
  • AWS CloudTrail - Audit logging
  • Amazon CloudWatch - Monitoring and metrics
  • Amazon SNS - Notifications and alerts
  • Amazon QuickSight - Analytics dashboard
  • AWS Security Hub - Risk assessment and compliance

Benefits of Identity Governance

1. Enhanced Security

  • Strict access control
  • Security risk detection and prevention
  • Continuous activity monitoring

2. Regulatory Compliance

  • Meet SOX, SOC 2, and ISO 27001 requirements
  • Automated audit processes
  • Compliance evidence storage

3. Operational Efficiency

  • Automated certification processes
  • Reduced manual work
  • Improved management processes

Completion Time

Approximately 4-6 hours (can be divided into multiple sessions)

Next Steps

Continue to "2. Preparation Steps" to start setting up the environment.