AWS Multi-Account Security: What Netflix Learned
Cloud Security Podcast13 Helmi 2025

AWS Multi-Account Security: What Netflix Learned

🚀 How do you secure thousands of AWS accounts without slowing down developers? Netflix’s cloud security experts Patrick Sanders & Joseph Kjar join us to break down their identity-first security model and share lessons from scaling security across a massive AWS multi-account environment.

In this episode, we cover:

  • Why identity, not network, is the best security boundary
  • The challenges of least privilege and right-sized access
  • How Netflix migrates IAM roles while minimizing disruptions
  • The impact of multi-account AWS security strategies


Guest Socials: ⁠⁠⁠⁠⁠⁠⁠⁠Patrick's Linkedin +Joseph's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠ AI Cybersecurity Podcast


Questions asked:

(00:00) Introduction

(02:05) A bit about Joseph

(02:32) A bit about Patrick

(02:38) Scaling security across multiple accounts

(03:29) Least Privilege is hard

(06:44) Why go down the identity path?

(08:49) Identity based approach for least privilege

(15:43) Security at scale for Multi Account in AWS

(23:54) Lessons from the project

(27:02) What would be classified as an easy migration?

(30:55) How the project has progressed?

(35:01) Automation Pieces that enabled the project

(37:54) Where to start with scaling security across Multi Accounts?

(39:21) Resource Access Manager and how it fits into migration


Resources discussed in this interview:

Accelerate insights using AWS SDK instrumentation Talk

Patrick and Joseph’s Talk - Netflix's massive multi-account journey: Year two

Joseph and Patrick's previous interview on Cloud Security Podcast

Jaksot(346)

Guide to Hybrid Cloud & Bare Metal Secret Management

Guide to Hybrid Cloud & Bare Metal Secret Management

Is your organization struggling with secret management across bare metal, hybrid, and multi-cloud environments? Standard cloud-native tools often fall short when you need a single, standardized soluti...

9 Heinä 202532min

"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control

"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control

Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them fro...

1 Heinä 202540min

Prioritizing Cloud Security: How to Decide What to Protect First

Prioritizing Cloud Security: How to Decide What to Protect First

When you can't protect everything at once, how do you decide what matters most? This episode tackles the core challenge of security prioritization. Geet Pradhan, Senior Security Engineer at Lime joins...

23 Kesä 202541min

Migrating from “Tick Box" Compliance to Automating GRC in a Multi-Cloud World

Migrating from “Tick Box" Compliance to Automating GRC in a Multi-Cloud World

In many organizations, security exception management is a manual process, often treated as a simple compliance checkbox. While necessary, this approach can lead to unmonitored configurations that drif...

17 Kesä 202528min

Using AI Agents to Solve Cloud Vulnerability Overload

Using AI Agents to Solve Cloud Vulnerability Overload

In this episode, Ashish Rajan talks with Harry Wetherald, Co-Founder & CEO of Maze, about the reality of modern vulnerability management. They explore why current tools like CNAPPs can generate up to ...

17 Kesä 202538min

Adapting to New Threats, Copilot Risks & The Future of Data (Feat. Matthew Radolec, Varonis)

Adapting to New Threats, Copilot Risks & The Future of Data (Feat. Matthew Radolec, Varonis)

AI is reshaping cybersecurity as we know it. From sophisticated AI-driven phishing attacks to the amplified risk of insider threats using tools like Copilot, the landscape is shifting at an unpreceden...

3 Kesä 202539min

Securing AI: Threat Modeling & Detection

Securing AI: Threat Modeling & Detection

Is Artificial Intelligence the ultimate security dragon, we need to slay, or a powerful ally we must train? Recorded LIVE at BSidesSF, this special episode dives headfirst into the most pressing debat...

27 Touko 202537min

CYBERSECURITY for AI: The New Threat Landscape & How Do We Secure It?

CYBERSECURITY for AI: The New Threat Landscape & How Do We Secure It?

As Artificial Intelligence reshapes our world, understanding the new threat landscape and how to secure AI-driven systems is more crucial than ever. We spoke to Ankur Shah, Co-Founder and CEO of Strai...

20 Touko 202540min