homepage
Menu
Open menu
  • Training
    Go one level top Back

    Training

    • Courses

      Build cyber prowess with training from renowned experts

    • Hands-On Simulations

      Hands-on learning exercises keep you at the top of your cyber game

    • Certifications

      Demonstrate cybersecurity expertise with GIAC certifications

    • Ways to Train

      Multiple training options to best fit your schedule and preferred learning style

    • Training Events & Summits

      Expert-led training at locations around the world

    • Free Training Events

      Upcoming workshops, webinars and local events

    • Security Awareness

      Harden enterprise security with end-user and role-based training

    Featured

    Get a Free Hour of SANS Training

    Free Course Demos

    Can't find what you are looking for?

    Let us help.
    Contact us
  • Learning Paths
    Go one level top Back

    Learning Paths

    • By Focus Area

      Chart your path to job-specific training courses

    • By NICE Framework

      Navigate cybersecurity training through NICE framework roles

    • DoDD 8140 Work Roles

      US DoD 8140 Directive Frameworks

    • By European Skills Framework

      Align your enterprise cyber skills with ECSF profiles

    • By Skills Roadmap

      Find the right training path based on critical skills

    • New to Cyber

      Give your cybersecurity career the right foundation for success

    • Leadership

      Training designed to help security leaders reduce organizational risk

    • Degree and Certificate Programs

      Gain the skills, certifications, and confidence to launch or advance your cybersecurity career.

    Featured: Solutions for Emerging Risks

    New to Cyber resources

    Start your career
  • Community Resources
    Go one level top Back

    Community Resources

    Watch & Listen

    • Webinars
    • Live Streams
    • Podcasts

    Read

    • Blog
    • Newsletters
    • White Papers
    • Internet Storm Center

    Download

    • Open Source Tools
    • Posters & Cheat Sheets
    • Policy Templates
    • Summit Presentations
    • SANS Community Benefits

      Connect, learn, and share with other cybersecurity professionals

    • CISO Network

      Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

  • For Organizations
    Go one level top Back

    For Organizations

    Team Development

    • Why Partner with SANS
    • Group Purchasing
    • Skills & Talent Assessments
    • Private & Custom Training

    Leadership Development

    • Leadership Courses & Accreditation
    • Executive Cybersecurity Exercises
    • CISO Network

    Security Awareness

    • End-User Training
    • Phishing Simulation
    • Specialized Role-Based Training
    • Risk Assessments
    • Public Sector Partnerships

      Explore industry-specific programming and customized training solutions

    • Sponsorship Opportunities

      Sponsor a SANS event or research paper

    Interested in developing a training plan to fit your organization’s needs?

    We're here to help.
    Contact us
  • Talk with an expert
  • Log In
  • Join - it's free
  • Account
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Building Strong Foundations: Exploring IaC for Cloud IAM
Cloud_Ace_Final.png
SANS Cloud Security

Building Strong Foundations: Exploring IaC for Cloud IAM

Go on a journey to explore the synergy between Identity and Access Management (IAM) and Infrastruture as Code (IaC).

September 15, 2023

Introduction

In the rapidly evolving landscape of cloud computing, security remains paramount. Ensuring the confidentiality, integrity, and availability of your cloud resources is a complex task that requires a well-defined approach. A crucial component of this strategy lies in Identity and Access Management (IAM), which plays a pivotal role in safeguarding sensitive data, controlling user access, and mitigating or reducing potential threats.

In the cloud world, where dynamic scalability and shared resources are the norm, traditional security models face new challenges. Here, IAM can step in to provide a robust solution to some of those. IAM offers a systematic approach to managing digital identities, defining access privileges, and regulating interactions within a cloud ecosystem. With IAM, you can determine precisely who can access what resources, under what circumstances, and with what level of authority.

But what if there was a way to elevate IAM management even further, making it not just secure, but also highly efficient, repeatable, easily scalable, and error-resistant? This is where Infrastructure as Code (IaC) comes into play. IaC is a transformative concept that empowers you to manage and provision your cloud infrastructure using code, allowing you to codify, version, and automate your setup. The fusion of IAM with IaC creates an interesting harmony with cloud security, streamlining access control, enhancing visibility, and enabling rapid responses to changes and challenges.

While IaC offers a degree of cloud-agnosticism by abstracting some cloud-specific concepts, it's important to note that complete cloud-agnosticism might not always be achievable due to provider-specific nuances. Nonetheless, the principles of IAM and IaC provide a highly standardized approach to security and automation that is applicable across various cloud environments and providers.

In this blog, we'll go on a journey to explore the synergy between IAM and IaC as a part of cloud security. We'll look into the significance of IAM in ensuring data integrity and confidentiality, and unveil the benefits of adopting IaC for IAM management. By the end, you'll have scratched the surface in understanding how to build a strong security foundation using these powerful tools, enabling a more secure and efficient cloud experience.

Understanding IAM Challenges

Now that we have an understanding of the important role IAM plays in cloud security, let's go deeper into the challenges that often arise when managing IAM resources manually. If you've tried managing IAM manually, you're likely well-acquainted with the complexities that accompany it, and if you haven't, lucky you.

Working within critical infrastructure as I do, especially with the European NIS and NIS2 regulations, IAM is always a major focal point for both internal and external auditors. Knowing who has access to what, when that access has been used, and making sure your infrastructure doesn't have highly privileged users without a business specific need, are some things we just have to be in control of, or possibly face repercussions.

Manually configuring and updating IAM roles, policies, and permissions can quickly become a convoluted task, especially as your cloud infrastructure expands. The risk of human error, whether it's granting excessive privileges or overlooking necessary access, looms large. This not only hampers security but also increases the chances of compliance or regulatory violations.  

As teams grow and projects evolve, maintaining consistency across IAM settings becomes increasingly daunting. It's not uncommon for teams to have different IAM policies or users, resulting in a fragmented security landscape. Additionally, keeping track of changes over time and maintaining an accurate record of who has access to what resources can quickly become an administrative nightmare.

The intricacies of IAM can also create barriers to agility. Manually configuring access for every new team member or service can slow down deployment processes. This friction between security and speed can lead to workarounds that undermine the very security measures IAM aims to enforce.

So, what's a possible solution? Automation. By embracing the principles of Infrastructure as Code (IaC), you can overcome many of these challenges and enhance your IAM management. Automating IAM resource provisioning and updates not only reduces the risk of errors but also ensures consistency across your cloud environment. This means that IAM settings can be treated as code, versioned, and deployed just like any other infrastructure element.

In a moment, we'll explore the advantages of automating IAM through IaC, demonstrating how it not only mitigates the challenges we've discussed but also lays the groundwork for a more secure and efficient cloud environment.

Getting Started with Terraform and IAM

Now that we have a clear understanding of the challenges surrounding manual IAM management, let's explore how Terraform comes to the rescue, offering a powerful and efficient solution. Terraform lets you define, manage, and provision your cloud infrastructure resources as code. This aligns perfectly with the goal of enhancing IAM management, providing a consistent and automated approach to access control. It might not be all aspects of IAM that's suited for being handled through Terraform, but there are certain places where it excels. We'll be exploring those here.

Terraform's syntax and structure are designed for simplicity and readability. At its core, you define your desired cloud infrastructure state in a declarative manner using HashiCorp Configuration Language (HCL). This means you specify what IAM resources you need, such as roles, policies, and permissions, without worrying about the how-to details. Terraform then takes care of translating your code into actual API calls to your cloud provider.

The beauty of Terraform is its vendor-agnostic nature. It supports the "big three" – AWS, Azure, and Google Cloud Project. Each of these platforms provides Terraform providers that offer a wide range of possibilities, including IAM-related ones. This means you can use the same Terraform syntax to manage IAM resources across different cloud providers, ensuring consistency in your access control strategy regardless of your chosen platform. Mind you, the code will be different, but the approach is generally the same.

When you want to use Terraform to define IAM roles, policies, and instance profiles you will, for AWS, be using the aws_iam_role, aws_iam_policy, and aws_iam_instance_profile resource types. Azure provides similar functionality with its azurerm_role_definition, azurerm_role_assignment, and other IAM-related resources. Google Cloud follows suit with its google_project_iam_binding, google_project_iam_member, and google_project_iam_policy resources.

A simple example using Terraform to define an Azure custom role would look like this:


resource "azurerm_role_definition" "custom_storage_role" {
  name        = "CustomStorageRole"
  scope       = "/subscriptions/00000000-0000-0000-0000-000000000000"
  description = "A custom role for read access to storage accounts"
  permissions {
    actions = [
      "Microsoft.Storage/storageAccounts/*/read"
    ]
  }
  assignable_scopes = ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}

With this role you'd be able to list/view all storage account objects like blob services, file services etc. You wouldn't be able to create new objects or delete existing ones, as we haven't permitted those actions.

In AWS you would need a bit more code to do the same. With AWS you have to first define the custom access policy, then define the custom role, and lastly apply the custom access policy to the custom role. That would look like this:

# Here you create the custom access policy, stating what is allowed or not
resource "aws_iam_policy" "custom_storage_policy" {
name        = "CustomStoragePolicy"
description = "A custom policy for read access to s3 buckets"
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action   = "s3:GetObject",
        Effect   = "Allow",
        Resource = "*"
      }
    ]
  })
}
# Here you define the custom role
resource "aws_iam_role" "custom_storage_role" {
  name = "CustomStorageRole"
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = "sts:AssumeRole",
        Effect = "Allow",
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      }
    ]
  })
}
# And here you attach the custom access policy to the custom role
resource "aws_iam_role_policy_attachment" "custom_storage_role_policy_attachment" {
  storage_policy_arn = aws_iam_policy.custom_storage_policy.arn
  storage_role = aws_iam_role.custom_storage_role.name
}

 

In short, due to Terraform's approach to vendor-agnosticism, you're able to accomplish the same tasks for different Cloud Service Providers, but the road to get there might be slightly different. In the next section, we'll dive more into specific use cases and practical examples that showcase the power of Terraform in IAM management.

Implementing IAM Best Practices with Terraform

With a foundation on the importance of IAM and its challenges that come along with it, as well as an understanding of how Terraform can streamline parts of IAM management, let's delve into how you can implement some IAM best practices using Terraform. These best practices not only enhance your cloud security but also contribute to a more organized and efficient access control strategy. I'll focus on Azure from here on out, but both AWS and GCP have viable options for solving these challenges.

Secure Identity Provisioning and Deprovisioning:

Terraform enables pretty straight forward identity provisioning and deprovisioning by codifying account management processes. Now, using Terraform to manage very dynamic entities such as user accounts, might not always be the best solution, however you might very well utilize Terraform's capabilities to create, update, and delete system or service users, or Managed Identities in Azure. This way you can also set up easy restrictions on who can actually manage these resources.

Role-Based Access Control (RBAC) and Least Privilege:

As hinted at with the first example, you can leverage Terraform to define IAM roles and policies, adhering to the principle of least privilege. You can create custom roles tailored to specific responsibilities and attach only the strictly necessary permissions. This ensures that users and services have access to resources essential for their tasks without unnecessary privileges.

Multi-Factor Authentication (MFA) and Strong Authentication Policies:

Besides performing granular access control through custom roles, you can also strengthen authentication mechanisms by using Terraform to enforce MFA and strong authentication policies. You can configure IAM roles to require MFA for specific actions or under certain conditions, or in other words; conditional access through code.

So, How Can You Implement These Practices?

Secure Identity Provisioning and Deprovisioning:

To implement secure account provisioning and deprovisioning in Azure using Terraform, you can utilize the `azurerm_user_assigned_identity` resource. This resource allows you to create and manage Managed Identities, which can be associated with Azure resources, such as Virtual Machines or App Services.

 resource "azurerm_user_assigned_identity" "example_identity" {
    name                = "CustomManagedIdentity"
    resource_group_name = "CustomResourceGroup"
    location            = "northeurope"
}

 

However, just creating the identity is not going to help us much, so let's see what you can do to add permissions to your newly created account.

Role-Based Access Control (RBAC) and Least Privilege:

You can define custom Azure RBAC roles with Terraform's azurerm_role_definition resource. This allows you to assign appropriate permissions to these roles and associate them with users or groups using the azurerm_role_assignment resource. This way, you maintain fine-grained access control while keeping permissions aligned with responsibilities.

One option would be to simply use Azure built-in roles. You can assign these directly with the 'azurerm_role_assignment' resource, but what often happens is that Microsofts built-in roles can be a bit over permissive, e.g., the "Storage Account Contributor" built-it role also lets the identity create support tickets, which we might not need, so let's build a custom one just for fun. 

Say we expand on our previous custom role. We would like for the Managed Identity to be able to manage storage account creation, but it shouldn't be able to delete anything or create support tickets. That could look like this:

resource "azurerm_role_definition" "custom_storage_role" {
  name        = "CustomStorageRole"
  scope       = "/subscriptions/00000000-0000-0000-0000-000000000000"
  description = "A custom role for management of storage accounts"
  permissions {
    actions = [
      "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",#Joins resource such as storage account or SQL database to a subnet.
      "Microsoft.Resources/deployments/*", #Create and manage a deployment
      "Microsoft.Resources/subscriptions/resourceGroups/read", #Gets or lists resource groups.
      "Microsoft.Storage/storageAccounts/*", #Create and manage storage accounts  
    ]    not_actions = [
      "Microsoft.Support/*"
    ]  }
  assignable_scopes = ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}

There's a bunch of additional permissions in the built-in role, that we don't explicitly need for our purpose, and have therefore been left out. The role we're left with, is able to deploy storage account resources to a given resource group and join the resource to a specified subnet. Or remove it again.

To assign it to the previously created Managed Identity, you would include the following code block:

resource "azurerm_role_assignment" "custom_assignment" {
  principal_id   = azurerm_user_assigned_identity.custom_identity.principal_id
  role_definition_name = azurerm_role_definition.custom_storage_role.name
  scope          = azurerm_role_definition.custom_storage_role.scope
}

 

And that's it! An attempt at a least privilege implementation of permissions for a Managed Identity managing storage accounts. 

Multi-Factor Authentication (MFA) and Strong Authentication Policies:

For your user accounts, you can easily implement and manage Azure MFA for specific user actions by utilizing Terraform's azuread_conditional_access_policy resource from the azuread provider - notice, previously we used the azurerm provider.

You start by creating an Azure policy that enforces MFA requirements and then assign this policy to specific users or groups using Terraform. You can even specify specific conditions to trigger the MFA authentication if you don't want to prompt for it at all times.

resource "azuread_conditional_access_policy" "custom_mfa_policy" {
  display_name  = "Custom Policy Require MFA"
  state         = "enabled"
 
  conditions {
    client_app_types = ["all"]
    applications {
      included_applications = ["Office365"]
    }
    locations {
      included_locations = ["All"]
      excluded_locations = ["AllTrusted"]
    }
    platforms {
      included_platforms = ["iOS", "windows"]      excluded_platforms = []
    }
  users {
    included_users = ["All"]
  }
}
grant_controls {
    operator          = "OR"
    built_in_controls = ["mfa"]
  }
}

 

The conditions define when the policy is applied, here it's for all client application types (browser, mobile clients, etc.), for access to Office365, from all locations other than those defined as trusted, using any iOS or Windows device (that probably says a bit of what I'm used to work with), for all your users. With this specific policy, you might run into an angry office mob rather quickly as it's quite generic, but you can easily adjust it to only be specific user groups or individuals like your privileged users.

The 'grant_controls' block specifies which built-in Azure policy we want to apply.

And with that, you have a working MFA policy for Azure, maintainable through Terraform. AWS and GCP have some amazing go-to resources and providers for the same functionality, so there's no reason not to try it out!

Wrapping up

As we've unpacked, managing IAM manually is laden with challenges. Missteps in configuration can have significant repercussions, leaving vulnerabilities in the security infrastructure, thus the importance of streamlined IAM processes cannot be overstated.

The potential benefits of Terraform in IAM management, especially in enforcing best practices, are considerable. From provisioning certain types of identities securely in Azure, adhering to the principle of least privilege, to enforcing stringent Multi-Factor Authentication or Conditional Access policies, Terraform emerges as an enabler of robust access control strategies.

In wrapping up, while the challenges of IAM are daunting, they are also necessary to overcome. Terraform offers a promising path forward. By utilizing Terraform in the right locations, staying informed about its challenges, and combining it with sound cloud architectural practices, organizations can harness the true potential of the cloud while maintaining rigorous security protocols.

SEC510: Cloud Security Controls and Mitigations

This blog supports content taught in our public cloud security course. Learn more about the course here.

About the Author

Andreas Laursen Lindhagen is a Senior IT Security Architect at DSB A/S, Danish State Railways. He holds multiple certifications, including GCLD and GPCS, and has more than six years of experience in information security, from both consultancy and critical infrastructure companies, focusing on cloud and security architecture. Andreas has a MSc in Information Technology with a specialization in Cybersecurity from the Technical University of Denmark. Connect with Andreas on LinkedIn.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Recommended Training

  • SEC504™: Hacker Tools, Techniques, and Incident Handling™
  • SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
  • SEC522: Application Security: Securing Web Applications, APIs, and Microservices™

Tags:
  • Cloud Security

Related Content

Blog
Security Awareness, Artificial Intelligence (AI), Digital Forensics, Incident Response & Threat Hunting, Cloud Security, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, Industrial Control Systems Security, Open-Source Intelligence (OSINT)
December 10, 2024
Top SANS Summit Talks of 2024
This year, SANS hosted 13 Summits from OSINT, ICS, Ransomware, DFIR to HackFest. Here were the top-rated talks of the year.
No Headshot Available
Alison Kim
read more
Blog
InstructorSpotlight_340x340.png
Cloud Security
March 22, 2023
Jon Zeolla: Instructor Spotlight
Get to know Jon Zeolla, instructor for SEC540: Cloud Security and DevSecOps Automation
Jon_Zeolla.jpg
Jon Zeolla
read more
Blog
powershell_option_340x340.jpg
Cyber Defense, Cybersecurity and IT Essentials, Cloud Security, Penetration Testing and Red Teaming
July 17, 2022
Month of PowerShell: Merging Two Files (Understanding ForEach)
A routine task (merging two files) leads us down the path of developing a better understanding of the ForEach command in PowerShell.
Josh Wright - Headshot - 370x370 2025.jpg
Joshua Wright
read more
  • Company
  • Mission
  • Instructors
  • About
  • FAQ
  • Press
  • Contact Us
  • Careers
  • Policies
  • Training Programs
  • Work Study
  • Academies & Scholarships
  • Public Sector Partnerships
  • Law Enforcement
  • SkillsFuture Singapore
  • Degree Programs
  • Get Involved
  • Join the Community
  • Become an Instructor
  • Become a Sponsor
  • Speak at a Summit
  • Join the CISO Network
  • Award Programs
  • Partner Portal
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • Privacy Policy
  • Terms and Conditions
  • Do Not Sell/Share My Personal Information
  • Contact
  • Careers
© 2025 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute. Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn