1. Introduction
Workshop Overview
This workshop will guide you through implementing a comprehensive Identity Governance system with Access Certification on AWS, including:
- Access Governance: Managing and controlling access rights
- Certification Automation: Automating access certification processes
- Privilege Analytics: Analyzing and monitoring privileges
- Risk Assessment: Security risk evaluation
- Monitoring Setup: Setting up continuous monitoring
- Operational Procedures: Operational processes
- Audit Procedures: Audit processes
- Compliance Validation: Compliance verification
Overall Architecture

AWS Services Used (Minimal Architecture)
- AWS IAM Identity Center - Centralized access management
- AWS IAM - Identity and access management
- AWS Lambda - Automation and processing functions
- Amazon EventBridge - Event-driven orchestration
- Amazon DynamoDB - Data storage for certifications
- Amazon S3 - Log storage and data lake
- AWS CloudTrail - Audit logging
- Amazon CloudWatch - Monitoring and metrics
- Amazon SNS - Notifications and alerts
- Amazon QuickSight - Analytics dashboard
- AWS Security Hub - Risk assessment and compliance
Benefits of Identity Governance
1. Enhanced Security
- Strict access control
- Security risk detection and prevention
- Continuous activity monitoring
2. Regulatory Compliance
- Meet SOX, SOC2, ISO27001 requirements
- Automated audit processes
- Compliance evidence storage
3. Operational Efficiency
- Automated certification processes
- Reduced manual work
- Improved management processes
Completion Time
Approximately 4-6 hours (can be divided into multiple sessions)
Next Steps
Continue to 2. Preparation Steps to start setting up the environment.