In this video, you will gain an understanding of the considerations you need to think through when designing Identity and Access Management (IAM) groups. You will appreciate why the structure of an IAM group may differ from the corresponding groups as defined on your company's organizational chart. Finally, you will learn exactly where to configure IAM groups in the AWS Web Console, under the IAM Dashboard.
- [Voiceover] An important part in your AWS journey is the mapping out of your IAM group structure. Let's dive right in by taking an example organization chart and mapping it into IAM groups. Taking a look at this sample org chart, we see five distinct groups: Management, DevOps, Engineering, Information Security, and Finance. It is tempting to simply reflect the group structure as is, into IAM. Before I create the IAM groups, let's think a little more deeply about each individual box. For each group on this org chart, let's consider a few questions.
First of all, do all people in a given group need the same permissions? Do groups need to be split apart to accommodate different job roles? For instance, are all DevOps personnel the same? Do they all need equal access to systems? Should new hires in the organization have the same access as experienced staff? What about non-technical personnel? Do the same people who are responsible for remitting payment also analyze overall spend by service? What about individual group leaders?…
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
This course includes trademarks owned by Amazon Web Services. This course has not been prepared, approved, or endorsed by Amazon Web Services.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor