In this video, you will take a dive into the AWS Web Console to walk through the creation of an IAM role and IAM policy to enable an IAM user to increase the scope of changes s/he is allowed to make. You will see how, from the perspective of an IAM user, you can switch IAM roles in order to make configuration changes to an AWS service - in this case, an EC2 instance.
- [Voiceover] Here I am logged into my AWS account as the Enzo IAM user. I can validate this by looking in the top right corner at the username and the affiliated account, enzo @ sbncorp. Since Enzo has the global read-only access permission he has the ability to view anything in this account. Suppose that he has been asked to start an EC2 Instance in the Oregon region. The first thing he does is to make sure Oregon is selected from the list of available regions in the top right corner of the screen.
Dropping that menu down you see all of the regions that AWS offers services in, US East, US West, in this case we're interested in Oregon. With Oregon selected, he goes to the top left corner under Compute and chooses EC2. Clicking on that link brings up the EC2 dashboard. In this case, he has been tasked with starting an Instance so let's go ahead and try. In the left-hand navigation under Instances we click the Instances link.
The Instance pane that comes up shows a single server, the s3TestBox. Under the Instance State column…
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor