AWS Classroom Series – 28/Jul/2020

Scenarios

  • Account for Personal Usage Preview
  • Account for Organizational Usage
    • Lets take an organization called as directdevops
    • In this organization we have
      • developers
      • testers
      • admins
      • Finance
    • DirectDevops uses aws for hosting their popular ecommerce application
    • James creates an AWS account & some services for runnning ecommerce application Preview
    • Now should all the employees get full access to all the ecommerce resources? No
    • So how can we authenticate and authorize our employees? AWS has Identity and Access Management (IAM) which helps in resolving the authentication & authorization to users, groups
    • So lets try to understand IAM

AWS IAM

  • IAM is a web service that helps you to securely control access to AWS resources. We use IAM to control who is authenticate and authorized to use resources.

  • What are different ways of using AWS

    • Console Access
      • You need Login url, username & password
    • Programmatic Access
      • You need Access Key ID and Secret Key to login Preview
  • Who can need permissions for resources in AWS?

    • Users:
      • Employees of organization
      • Applications of your organization
    • Roles:
      • Permission given to AWS Service/Resource to access other AWS Service/Resource in same/different account. Preview
  • User and Role define authentication, But how about authorization? In AWS authorizations are controlled by IAM Policiy

  • When we have lot of users giving each user permission is difficult, IN AWS IAM we can create groups and add users to the group. Preview

  • IAM Policies are of two types

    • AWS Managed Policies:
      • AWS gives you ready made policies which you can reuse
    • Customer Managed Policies:
      • Policies created by organization for custom authentication
  • IAM Policy can be attached to

    • User
    • Role
    • Group
  • Scenario: Lets add a group called as avengers. We need our super heros ironman, thor & captian america to be added as users.

    • For this scenario we will be giving ironman an administrator and captian america & thore some other AWS Managed policy Preview
    • Refer Here for how to do

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin