By Henrik Loeser 3 min read
June 28, 2023

Trusted profiles can serve as a foundation for secure cloud environments and as a building block for secure cloud solutions. In our new IBM Cloud solution tutorial, you are going to learn about trusted profiles, their use cases and how to utilize them for enhanced security.

Cloud environments and cloud security are always changing and evolving. If you are interested in or have to care about cloud security, you should be interested in our new IBM Cloud solution tutorial.

It looks at a feature of Identity and Access Management (IAM) that provides a special identity and can be used for access policies: Trusted profiles. You’ll learn about trusted profiles and then can follow the tutorial to create and utilize a trusted profile and discover and interpret related security logs. Get started to enhance security in your cloud environments.

Solution architecture for app performing privileged tasks.

New tutorial

In our new tutorial Use trusted profiles as foundation for secure cloud environments, we give an overview of what trusted profiles are and their typical use cases.

Similar to users and service IDs, trusted profiles are a type of identity supported by IBM Cloud Identity and Access Management (IAM). As such, they can be granted access in IAM policies. A difference from users and service IDs is that trusted profiles cannot own IAM API keys or, like users, may have passwords. They are an identity within a specific account that serves as a “gateway” for someone or something else to work within that account without the need for an API key. They can assume the identity of that trusted profile.

In the tutorial, you will learn how to use one of these gateways. You are going to create a trusted profile that is used by an application deployed to a Kubernetes cluster (see the architecture diagram above). You configure the trusted profile to accept the application in its namespace as a trusted environment—a so-called compute resource. With that, the app can switch to the identity of a specific trusted profile and perform (privileged administrative) tasks in the IBM Cloud account.

You will learn how to manage trusted profiles and to look for and understand related security logs. The screenshot below shows parts of an event logged to IBM Cloud Activity Tracker. It lists the trusted profile that was used for a request and information on the compute resource that was utilized to assume the identity.

Activity Tracker log record for security event.

Get started

To learn about trusted profiles and their role for secure cloud environments, check out our new tutorial.

Use trusted profiles as a foundation for secure cloud environments

The steps in the tutorial are all performed in the web browser. Moreover, the tutorial uses a pre-built container image for the app, so you don’t need to prepare. But if you are curious and want to learn more, then we can help. The source code for the Python app and its Dockerfile are available in a GitHub repository.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik), Mastodon (@data_henrik@mastodon.social) or LinkedIn.

Categories

Cloud  |  Cybersecurity

Tags

 |  | 
Henrik Loeser
Technical Offering Manager / Developer Advocate

More from Cloud
October 2, 2023

IBM Tech Now: October 2, 2023

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 86 On this episode, we're covering the following topics: AI on IBM Z IBM Maximo Application Suite 8.11 IBM NS1 Connect Stay plugged in You can check out the IBM Blog Announcements for a…

September 29, 2023

IBM Cloud inactive identities: Ideas for automated processing

4 min read - Regular cleanup is part of all account administration and security best practices, not just for cloud environments. In our blog post on identifying inactive identities, we looked at the APIs offered by IBM Cloud Identity and Access Management (IAM) and how to utilize them to obtain details on IAM identities and API keys. Some readers provided feedback and asked on how to proceed and act on identified inactive identities. In response, we are going lay out possible steps to take.…

September 26, 2023

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

September 26, 2023

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…