June 28, 2023 By Henrik Loeser 3 min read

Trusted profiles can serve as a foundation for secure cloud environments and as a building block for secure cloud solutions. In our new IBM Cloud solution tutorial, you are going to learn about trusted profiles, their use cases and how to utilize them for enhanced security.

Cloud environments and cloud security are always changing and evolving. If you are interested in or have to care about cloud security, you should be interested in our new IBM Cloud solution tutorial.

It looks at a feature of Identity and Access Management (IAM) that provides a special identity and can be used for access policies: Trusted profiles. You’ll learn about trusted profiles and then can follow the tutorial to create and utilize a trusted profile and discover and interpret related security logs. Get started to enhance security in your cloud environments.

Solution architecture for app performing privileged tasks.

New tutorial

In our new tutorial Use trusted profiles as foundation for secure cloud environments, we give an overview of what trusted profiles are and their typical use cases.

Similar to users and service IDs, trusted profiles are a type of identity supported by IBM Cloud Identity and Access Management (IAM). As such, they can be granted access in IAM policies. A difference from users and service IDs is that trusted profiles cannot own IAM API keys or, like users, may have passwords. They are an identity within a specific account that serves as a “gateway” for someone or something else to work within that account without the need for an API key. They can assume the identity of that trusted profile.

In the tutorial, you will learn how to use one of these gateways. You are going to create a trusted profile that is used by an application deployed to a Kubernetes cluster (see the architecture diagram above). You configure the trusted profile to accept the application in its namespace as a trusted environment—a so-called compute resource. With that, the app can switch to the identity of a specific trusted profile and perform (privileged administrative) tasks in the IBM Cloud account.

You will learn how to manage trusted profiles and to look for and understand related security logs. The screenshot below shows parts of an event logged to IBM Cloud Activity Tracker. It lists the trusted profile that was used for a request and information on the compute resource that was utilized to assume the identity.

Activity Tracker log record for security event.

Get started

To learn about trusted profiles and their role for secure cloud environments, check out our new tutorial.

Use trusted profiles as a foundation for secure cloud environments

The steps in the tutorial are all performed in the web browser. Moreover, the tutorial uses a pre-built container image for the app, so you don’t need to prepare. But if you are curious and want to learn more, then we can help. The source code for the Python app and its Dockerfile are available in a GitHub repository.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik), Mastodon (@data_henrik@mastodon.social) or LinkedIn.

Was this article helpful?

More from Cloud

The history of the central processing unit (CPU)

10 min read - The central processing unit (CPU) is the computer’s brain. It handles the assignment and processing of tasks, in addition to functions that make a computer run. There’s no way to overstate the importance of the CPU to computing. Virtually all computer systems contain, at the least, some type of basic CPU. Regardless of whether they’re used in personal computers (PCs), laptops, tablets, smartphones or even in supercomputers whose output is so strong it must be measured in floating-point operations per…

A clear path to value: Overcome challenges on your FinOps journey 

3 min read - In recent years, cloud adoption services have accelerated, with companies increasingly moving from traditional on-premises hosting to public cloud solutions. However, the rise of hybrid and multi-cloud patterns has led to challenges in optimizing value and controlling cloud expenditure, resulting in a shift from capital to operational expenses.   According to a Gartner report, cloud operational expenses are expected to surpass traditional IT spending, reflecting the ongoing transformation in expenditure patterns by 2025. FinOps is an evolving cloud financial management discipline…

IBM Power8 end of service: What are my options?

3 min read - IBM Power8® generation of IBM Power Systems was introduced ten years ago and it is now time to retire that generation. The end-of-service (EoS) support for the entire IBM Power8 server line is scheduled for this year, commencing in March 2024 and concluding in October 2024. EoS dates vary by model: 31 March 2024: maintenance expires for Power Systems S812LC, S822, S822L, 822LC, 824 and 824L. 31 May 2024: maintenance expires for Power Systems S812L, S814 and 822LC. 31 October…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters