Mar 15–18, 2020

Conquering the AWS IAM conundrum

Lars George (Okera)
5:05pm–5:45pm Tuesday, March 17, 2020
Location: LL20C

Who is this presentation for?

Data engineers, data architects, developers




The AWS IAM service is designed to track system users and information regarding how they get authenticated. It’s commonly used to protect objects, such as data files, in AWS S3, which forms the most important layer of an S3 data lake.

With various levels of security layers and different departments responsible for types of data, Lars George identifies a number of challenges involved in managing the security and governance of AWS IAM.

It’s important to look at the difficulties of managing access to S3 resources and at what makes a state-of-the-art security architecture, including perimeter security, authentication, authorization, and service access. The problem with these layers is ownership: business units want to control who has access to what data, while IT departments are traditionally responsible for infrastructure and enterprise-wide services. This is where the first problem starts. Data lake architectures fall apart and turn into data swamps if not managed properly.

This is where the AWS IAM problem is most apparent. IAM overloads IT and business interests just as the pre-data-lake system architectures did, and it offers only limited support for fine-grained access control. The limitations of IAM become more obvious as privacy regulations demand a lot more security.

With all of these issues in mind, Lars leads a deep dive into this IAM conundrum: what sets security architectures up for success, how to ensure you’re getting the most out of AWS IAM, what the real requirements are for access control in data lakes, and how to prevent your data lake from becoming a data swamp.

Prerequisite knowledge

  • General knowledge of AWS IAM and data architecture

What you'll learn

  • Learn how AWS IAM works, what critical security layers are needed to ensure a proper security architecture, and the perils and pitfalls of AWS IAM
  • Identify solutions

Lars George


Lars George is the principal solutions architect at Okera. Lars has been involved with Hadoop and HBase since 2007 and became a full HBase committer in 2009. Previously, Lars was the EMEA chief architect at Cloudera, acting as a liaison between the Cloudera professional services team and customers as well as partners in and around Europe, building the next data-driven solutions, and a cofounding partner of OpenCore, a Hadoop and emerging data technologies advisory firm. He’s spoken at many Hadoop User Group meetings as well as at conferences such as ApacheCon, FOSDEM, QCon, and Hadoop World and Hadoop Summit. He started the Munich OpenHUG meetings. He’s the author of HBase: The Definitive Guide (O’Reilly).
