AWS Classroom Series – 13/Apr/2021

AWS Programmatic and Console Access

  • Console access means using AWS through the browser at https://console.aws.amazon.com/
  • AWS provides SDKs for all the popular languages
  • The AWS CLI gives command-line access to perform operations on AWS
  • The AWS CLI and the AWS SDKs are considered programmatic access.
  • When you create a user, you can choose whether the user needs console access, programmatic access, or both

AWS Accounts

  • In AWS we create accounts (free tier account)
  • We create or use the AWS account for the organization
  • We need to provide authentication for the employees in the organization to use AWS
  • For the users we create, we need to ensure proper authorization so that users can see/control what they are expected to

AWS Identity and Access Management (IAM)

  • AWS IAM is a service offered by AWS that helps us securely control access to AWS resources. We can use IAM to control who is authenticated (signed in) and authorized to use resources
  • Identities in AWS
    • User: This represents a person who is accessing AWS
    • Groups: This represents group of users (Admins, DBA, Testers)
    • Roles: In AWS we can give permissions to AWS services to access other services
  • Principal: A principal is a person or application that can make a request for an action on an AWS resource, i.e. a principal can be an IAM user or role
  • When we create an AWS Account a unique account id is created
  • Authentication and Authorization Workflow
  • When a principal tries to perform any action
    1. The principal should be authenticated. Once authenticated, a request will be created.
    2. The request will be sent for authorization.
    3. Once authorized, the action can be performed.
  • Let's create a user
  • Now open the highlighted URL in a different browser or in incognito mode
  • Let's try to delete some EC2 resources
  • Now let's give the user Administrator access by changing the policy
  • Now let's retry the delete; it should work
  • Let's look at the terms again
    • Account
    • user
    • group
    • role
    • policy
    • action/operation
    • resource
    • principal
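
The workflow and the delete demo above (authenticated principal, request, authorization, action) can be modeled in a few lines. This Python sketch is an added example, not AWS's evaluation engine or code from this class: it evaluates identity-based policies only (no conditions, SCPs or permission boundaries), and the account ID, instance ID and the two non-admin policies are constructed.

```python
import fnmatch

# AWS managed policy AdministratorAccess: every action on every resource.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
# Constructed narrower policy: enough for the delete demo and nothing more.
EC2_INSTANCE_OPERATOR = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances"]}],
}
# Constructed guardrail: explicitly deny instance termination.
DENY_TERMINATE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "ec2:Terminate*", "Resource": "*"}],
}
# Constructed sample resource (placeholder account and instance IDs).
INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"


def _matches(patterns, value, ignore_case=False):
    """True if value matches any pattern; '*' and '?' are wildcards."""
    patterns = patterns if isinstance(patterns, list) else [patterns]
    if ignore_case:  # IAM action names are case-insensitive
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def authorize(policies, action, resource):
    """Decide one request from an already authenticated principal."""
    decision = "ImplicitDeny"  # nothing matched: denied by default
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action, ignore_case=True)
                    and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny always wins
            decision = "Allow"
    return decision


if __name__ == "__main__":
    request = ("ec2:TerminateInstances", INSTANCE_ARN)
    for label, attached in [("no policy", []),
                            ("AdministratorAccess", [ADMINISTRATOR_ACCESS]),
                            ("operator policy", [EC2_INSTANCE_OPERATOR]),
                            ("admin + deny", [ADMINISTRATOR_ACCESS, DENY_TERMINATE])]:
        print(f"{label:22} -> {authorize(attached, *request)}")
```

The operator policy lets the same delete succeed without granting anything outside EC2, which is the usual alternative to attaching AdministratorAccess outside a classroom.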
