Other access control models for multi-account environments
While RBAC and ABAC are the most commonly used models, other access control models are worth mentioning when handling multiple resource owners and AWS accounts. They are as follows:
- DAC: In this model, the owner of the resource has the discretion to decide who can access a specific resource and what operations they can perform on it. This model is flexible and intuitive, but it can be risky if the owner is not careful about granting permissions. Using separate AWS accounts with decentralized IAM can help achieve this model. Each AWS account owner is responsible for managing access to the resources created in their account.
- MAC: This model is more rigid and is often used in environments that require a high level of security. In MAC, access to resources is controlled by a central authority, not by the owner of the resource. This can be achieved by utilizing AWS Organizations, IAM Identity Center, and service control policies (SCPs) to centrally control permissions in a multi-account environment.
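The interplay between the two models above is easiest to see in how AWS evaluates a request in an Organizations member account: the account owner's IAM policy (DAC, decided locally) can only grant what the SCP attached by the central authority (MAC) has not ruled out. The following is an added illustration, not code from this chapter or from AWS: a deliberately simplified evaluator that applies two constructed policy documents, an SCP and an account-level identity policy, to sample requests. It supports only the `StringEquals`/`StringNotEquals` operators and the `aws:RequestedRegion` condition key, and it omits the other stages of the real evaluation logic (resource-based policies, permissions boundaries, session policies), so treat it as a model of the intersection rule, not as a policy simulator.

```python
"""Toy model of SCP (central, MAC) + identity policy (account owner, DAC) evaluation.

Added example; the policy documents below are constructed for illustration.
Only StringEquals / StringNotEquals conditions are understood.
"""
import fnmatch

# Constructed SCP attached by the organization's central authority (MAC).
# It allows everything by default, then centrally forbids two things no
# account owner can override: tampering with CloudTrail, and acting outside
# the two approved regions.
SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"StringNotEquals": {
             "aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}}},
    ],
}

# Constructed identity policy written by the member-account owner (DAC).
# The owner has chosen to grant broad S3 and CloudTrail rights to a role.
ACCOUNT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "cloudtrail:*"], "Resource": "*"},
    ],
}


def _matches(pattern_or_list, value):
    """IAM-style wildcard match; Action/Resource may be a string or a list."""
    patterns = pattern_or_list if isinstance(pattern_or_list, list) else [pattern_or_list]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, context):
    """Evaluate a Condition block against request context (toy subset).

    Mirrors AWS semantics for a missing key: StringEquals fails,
    StringNotEquals succeeds.
    """
    for operator, pairs in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise NotImplementedError(f"operator {operator} not modelled here")
        for key, expected in pairs.items():
            expected = expected if isinstance(expected, list) else [expected]
            actual = context.get(key)
            if operator == "StringEquals" and actual not in expected:
                return False
            if operator == "StringNotEquals" and actual in expected:
                return False
    return True


def evaluate_policy(policy, action, resource, context):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for a single policy document."""
    result = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # an explicit Deny anywhere is final
        result = "Allow"
    return result


def is_allowed(scp, identity_policy, action, resource, context):
    """Simplified cross-account rule: effective permission is the intersection.

    The SCP must allow the action AND the identity policy must allow it; an
    explicit Deny in either document wins. This is why an account owner's
    generous grant (DAC) cannot escape the organization's guardrail (MAC).
    """
    return (evaluate_policy(scp, action, resource, context) == "Allow"
            and evaluate_policy(identity_policy, action, resource, context) == "Allow")


if __name__ == "__main__":
    bucket_obj = "arn:aws:s3:::example-bucket/report.csv"   # constructed ARN
    for action, region in [("s3:GetObject", "eu-west-1"),
                           ("s3:GetObject", "us-east-1"),
                           ("cloudtrail:StopLogging", "eu-west-1"),
                           ("ec2:RunInstances", "eu-west-1")]:
        ok = is_allowed(SCP, ACCOUNT_POLICY, action, bucket_obj,
                        {"aws:RequestedRegion": region})
        print(f"{action:24s} in {region:12s} -> {'ALLOW' if ok else 'DENY'}")
```

Running the module prints four verdicts: the S3 read in an approved region is allowed because both documents say Allow; the same read from us-east-1 is denied by the SCP's region guardrail even though the owner's policy allows it; stopping CloudTrail is denied by the SCP's explicit Deny despite `cloudtrail:*` in the identity policy; and `ec2:RunInstances` is denied because, although the SCP permits it, the account owner never granted it. Note that an SCP by itself grants nothing, which is exactly the separation the MAC bullet describes: the central authority bounds what owners may grant, and the owners still decide what is granted within that bound.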
Choosing the right access control model
Each of these models has its strengths and weaknesses, and the choice of model depends on the specific requirements of an organization. In practice, many organizations use a combination of different models to achieve a balance between security and usability.
The following table (Table 3.1) compares the access control models mentioned in this section, to help you understand their characteristics and choose the most suitable models for your specific requirements:
| Criteria/Model | RBAC | ABAC | DAC | MAC |
| --- | --- | --- | --- | --- |
| Definition | Based on roles within an enterprise. Users are assigned roles, and roles have permissions. | Uses attributes (user, resource, environment) to make access decisions. | Resource owners decide who can access their resources. | Central authority controls access, not the resource owner. |
| Granularity | Medium: Based on roles. | High: Can be very specific based on multiple attributes. | High: Based on the owner’s discretion. | Based on central policies. |
| Flexibility | Moderate: Can be tailored to organizational roles. | High: Can adapt to dynamic conditions. | High: Entirely up to the resource owner. | Low: Rigid, defined by central authority. |
| Complexity | Can become complex with role explosion. | Complex due to multiple attributes but offers fine-grained control. | Moderate: Depends on the owner’s management. | Moderate to High: Centralized policies can be intricate. |
| Best for | Organizations with defined roles. | Dynamic environments that need fine-grained access control. | Scenarios where resource owners should have full control. | High-security environments that need centralized control at scale. |
| Potential limitations | Role explosion; does not consider context. | Complexity in managing multiple attributes. | Risky if owners are not careful. | Rigid; might not adapt quickly to changes. |
Table 3.1 – Comparison of the different types of access control models
Building on the understanding of key access control models, let’s advance to the practical management of IAM identities, also known as principals, to apply these models effectively.