The document discusses AWS's Zelkova tool, which uses symbolic logic and satisfiability modulo theories (SMT) solving to encode identity and access management (IAM) policies as logical formulas. This allows customers to automatically check that their IAM configurations and governance rules are functioning as intended at scale. The document also describes how one enterprise customer, Bridgewater Associates, uses Zelkova to identify misconfigurations and reduce risks in their AWS environment.
10. ZELKOVA provides provable security for
customers in the cloud by leveraging automated
reasoning to verify key IAM enterprise
governance & data privacy controls are
implemented as intended, at scale
ZELKOVA
17. “The ability to formally prove a policy in AWS enables
automation that can provide an accurate holistic view of access
in your environment and bolsters compliance adherence.”
Will Bengtson
Principal Security Engineer
Netflix