AWS Classroom Series – 28/Jul/2020

Scenarios

  • Account for Personal Usage Preview
  • Account for Organizational Usage
    • Lets take an organization called as directdevops
    • In this organization we have
      • developers
      • testers
      • admins
      • Finance
    • DirectDevops uses aws for hosting their popular ecommerce application
    • James creates an AWS account & some services for runnning ecommerce application Preview
    • Now should all the employees get full access to all the ecommerce resources? No
    • So how can we authenticate and authorize our employees? AWS has Identity and Access Management (IAM) which helps in resolving the authentication & authorization to users, groups
    • So lets try to understand IAM

AWS IAM

  • IAM is a web service that helps you to securely control access to AWS resources. We use IAM to control who is authenticate and authorized to use resources.

  • What are different ways of using AWS

    • Console Access
      • You need Login url, username & password
    • Programmatic Access
      • You need Access Key ID and Secret Key to login Preview

  • Who can need permissions for resources in AWS?

    • Users:
      • Employees of organization
      • Applications of your organization
    • Roles:
      • Permission given to AWS Service/Resource to access other AWS Service/Resource in same/different account. Preview

  • User and Role define authentication, But how about authorization? In AWS authorizations are controlled by IAM Policiy

  • When we have lot of users giving each user permission is difficult, IN AWS IAM we can create groups and add users to the group. Preview

  • IAM Policies are of two types

    • AWS Managed Policies:
      • AWS gives you ready made policies which you can reuse
    • Customer Managed Policies:
      • Policies created by organization for custom authentication

  • IAM Policy can be attached to

    • User
    • Role
    • Group

  • Scenario: Lets add a group called as avengers. We need our super heros ironman, thor & captian america to be added as users.

    • For this scenario we will be giving ironman an administrator and captian america & thore some other AWS Managed policy Preview
    • Refer Here for how to do

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off
Social Network Widget by Acurax Small Business Website Designers

Discover more from Direct DevOps from Quality Thought

Subscribe now to keep reading and get access to the full archive.

Continue reading

Visit Us On FacebookVisit Us On LinkedinVisit Us On Youtube