AWS Programmatic and console Access
- Console access is accessing aws by navigating to https://console.aws.amazon.com/ on the browser
- AWS gives SDK’s for all the popular languages Refer Here
- AWS CLI gives command line access to perform operations on AWS Refer Here
- AWS CLI and AWS SDK are considered as programmatic access.
- When you create users we have an option to select whether user needs console access or programmatic access or both
AWS Accounts
- IN AWS we create accounts (free tier account) Refer Here
- We create or use the AWS account for the organization
- We need to provide authentication for the employees in the organization to use AWS
- To the users created we need to ensure proper authorization so that users can see/control what they are expected
AWS Identity and Access Management (IAM)
- AWS IAM is a service offered by AWS that helps us to secure control access to AWS resources. We can use IAM to control who is authenticated (signed in) and authorized to user resources
- Identities in AWS
- User: This represents a person who is accessing AWS
- Groups: This represents group of users (Admins, DBA, Testers)
- Roles: In AWS we can give permissions to AWS services to acces other services
- Principal: A principal is a person or application that can make a request for an action to aws resource i.e. principal can be an IAM user or role
- When we create an AWS Account a unique account id is created
- Authentication and Authorization Workflow
- When a principal tries to perform any action
- the prinicipal should be authenticated. Once authenticated a request will be created
- The Request will be sent for authorization.
- once authorized the action can be performed
- Lets create a user
- Now open the highlighted url in different browser or in incognito mode
- Lets try to delete some ec2 resources
- Now lets give the user the Administrator access by changing policy
- Now lets retry delete & it should work
- Lets relook at terms
- Account
- user
- group
- role
- policy
- action/operation
- resource
- principal
