New tutorial: Trusted profiles for secure cloud environments
28 June 2023
3 min read

Trusted profiles can serve as a foundation for secure cloud environments and as a building block for secure cloud solutions. In our new IBM Cloud solution tutorial, you are going to learn about trusted profiles, their use cases and how to utilize them for enhanced security.

Cloud environments and cloud security are always changing and evolving. If you are interested in or have to care about cloud security, you should be interested in our new IBM Cloud solution tutorial.

It looks at a feature of Identity and Access Management (IAM) that provides a special identity and can be used for access policies: Trusted profiles. You’ll learn about trusted profiles and then can follow the tutorial to create and utilize a trusted profile and discover and interpret related security logs. Get started to enhance security in your cloud environments.

New tutorial

In our new tutorial Use trusted profiles as foundation for secure cloud environments, we give an overview of what trusted profiles are and their typical use cases.

Similar to users and service IDs, trusted profiles are a type of identity supported by IBM Cloud Identity and Access Management (IAM). As such, they can be granted access in IAM policies. A difference from users and service IDs is that trusted profiles cannot own IAM API keys or, like users, may have passwords. They are an identity within a specific account that serves as a “gateway” for someone or something else to work within that account without the need for an API key. They can assume the identity of that trusted profile.

In the tutorial, you will learn how to use one of these gateways. You are going to create a trusted profile that is used by an application deployed to a Kubernetes cluster (see the architecture diagram above). You configure the trusted profile to accept the application in its namespace as a trusted environment—a so-called compute resource. With that, the app can switch to the identity of a specific trusted profile and perform (privileged administrative) tasks in the IBM Cloud account.

You will learn how to manage trusted profiles and to look for and understand related security logs. The screenshot below shows parts of an event logged to IBM Cloud Activity Tracker. It lists the trusted profile that was used for a request and information on the compute resource that was utilized to assume the identity.

Get started

To learn about trusted profiles and their role for secure cloud environments, check out our new tutorial.

The steps in the tutorial are all performed in the web browser. Moreover, the tutorial uses a pre-built container image for the app, so you don’t need to prepare. But if you are curious and want to learn more, then we can help. The source code for the Python app and its Dockerfile are available in a GitHub repository. (link resides outside ibm.com)

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) (link resides outside ibm.com), Mastodon (@data_henrik@mastodon.social)  (link resides outside ibm.com) or LinkedIn (link resides outside ibm.com).

 
Author
Henrik Loeser Technical Offering Manager / Developer Advocate