Trusted profiles can serve as a foundation for secure cloud environments and as a building block for secure cloud solutions. In our new IBM Cloud solution tutorial, you are going to learn about trusted profiles, their use cases and how to utilize them for enhanced security.
Cloud environments and cloud security are always changing and evolving. If you are interested in or have to care about cloud security, you should be interested in our new IBM Cloud solution tutorial.
It looks at a feature of Identity and Access Management (IAM) that provides a special identity and can be used for access policies: Trusted profiles. You’ll learn about trusted profiles and then can follow the tutorial to create and utilize a trusted profile and discover and interpret related security logs. Get started to enhance security in your cloud environments.
Similar to users and service IDs, trusted profiles are a type of identity supported by IBM Cloud Identity and Access Management (IAM). As such, they can be granted access in IAM policies. A difference from users and service IDs is that trusted profiles cannot own IAM API keys or, like users, may have passwords. They are an identity within a specific account that serves as a “gateway” for someone or something else to work within that account without the need for an API key. They can assume the identity of that trusted profile.
In the tutorial, you will learn how to use one of these gateways. You are going to create a trusted profile that is used by an application deployed to a Kubernetes cluster (see the architecture diagram above). You configure the trusted profile to accept the application in its namespace as a trusted environment—a so-called compute resource. With that, the app can switch to the identity of a specific trusted profile and perform (privileged administrative) tasks in the IBM Cloud account.
You will learn how to manage trusted profiles and to look for and understand related security logs. The screenshot below shows parts of an event logged to IBM Cloud Activity Tracker. It lists the trusted profile that was used for a request and information on the compute resource that was utilized to assume the identity.
To learn about trusted profiles and their role for secure cloud environments, check out our new tutorial.