In this video, you will learn the considerations to think through when designing Identity and Access Management (IAM) roles. You will see that roles are powerful constructs you can apply to an Elastic Compute Cloud (EC2) instance when launching it for the first time, which removes the need to embed access keys on the instance itself. Finally, you will learn exactly where to configure IAM roles in the AWS Web Console, under the IAM Dashboard.
- [Voiceover] Roles are a critical IAM component, as they can be used to grant consistent permission sets to both people and machines. Roles apply to a variety of use cases. Roles can be used to grant EC2 instance access to resources, without worrying about maintaining access keys. This is a crucial concept to understand. Instead of embedding access credentials on an EC2 instance and then rotating them to follow security best practices, you can simply have an instance assume an IAM role. Roles are also useful for granting existing AWS users temporary access to resources.
For example, a user may need a higher level of account privilege in a production emergency. For example, you can map Active Directory groups to IAM roles. Roles are also useful when configuring mobile applications. Instead of embedding account keys within the app itself, you can manage access to AWS resources with IAM roles. Roles are also great tools for granting account access to auditors, or users from other AWS accounts. Let's visualize an example.
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor