AWS Classroom Series – 13/Apr/2021

AWS Programmatic and Console Access


  • Console access means using AWS from the browser by navigating to https://console.aws.amazon.com/
  • AWS provides SDKs for all the popular languages
  • The AWS CLI gives command-line access to perform operations on AWS
  • The AWS CLI and the AWS SDKs are both considered programmatic access.
  • When we create users, we have an option to select whether the user needs console access, programmatic access, or both

AWS Accounts

  • In AWS we create accounts (free tier account)
  • We create or use the AWS account for the organization
  • We need to provide authentication for the employees in the organization to use AWS
  • For the users created, we need to ensure proper authorization so that users can see/control only what they are expected to

AWS Identity and Access Management (IAM)

  • AWS IAM is a service offered by AWS that helps us securely control access to AWS resources. We can use IAM to control who is authenticated (signed in) and authorized to use resources
  • Identities in AWS
    • User: This represents a person who is accessing AWS
    • Groups: This represents group of users (Admins, DBA, Testers)
    • Roles: In AWS we can give permissions to AWS services to access other services
  • Principal: A principal is a person or application that can make a request for an action on an AWS resource, i.e. a principal can be an IAM user or role
  • When we create an AWS Account a unique account id is created
  • Authentication and Authorization Workflow
  • When a principal tries to perform any action
    1. The principal should be authenticated. Once authenticated, a request will be created
    2. The request will be sent for authorization.
    3. Once authorized, the action can be performed
  • Let's create a user
  • Now open the highlighted URL in a different browser or in incognito mode
  • Let's try to delete some EC2 resources
  • Now let's give the user Administrator access by changing the policy
  • Now let's retry the delete; it should work
  • Let's revisit the terms
    • Account
    • user
    • group
    • role
    • policy
    • action/operation
    • resource
    • principal
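
The authorization step in the workflow above, as an added example (not part of the original class notes): a simplified Python model of how identity-based policies are evaluated, showing why the new user's delete was denied, why it works after AdministratorAccess is attached, and how a narrower policy would allow the same single action. It assumes only `Effect`, `Action` and `Resource` are used (no conditions, permission boundaries or organization policies); the account ID, instance ID and `TERMINATE_ONLY` policy are constructed sample values.

```python
import fnmatch

# AWS managed policy AdministratorAccess: allows every action on every resource.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed least-privilege alternative for the same demo (sample account
# id and instance id, not taken from the class).
INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
TERMINATE_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": INSTANCE_ARN}
    ],
}


def _as_list(value):
    # Policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    action_hit = any(
        fnmatch.fnmatchcase(action.lower(), pattern.lower())
        for pattern in _as_list(statement["Action"])
    )
    resource_hit = any(
        fnmatch.fnmatchcase(resource, pattern)
        for pattern in _as_list(statement["Resource"])
    )
    return action_hit and resource_hit


def authorize(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # default when no statement matches
    for policy in policies:
        for statement in _as_list(policy["Statement"]):
            if not _matches(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny always wins
            decision = "Allow"
    return decision
```

Calling `authorize([], "ec2:TerminateInstances", INSTANCE_ARN)` models the freshly created user with no policies attached; passing `[ADMINISTRATOR_ACCESS]` or `[TERMINATE_ONLY]` models the user after a policy change.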
