In this video, you will learn how to troubleshoot IAM policies with the AWS Policy Simulator. Given that multiple IAM policies can be associated with a given IAM role, group, or user, you will come to appreciate the ability to simulate, test, and debug IAM policies. You will also understand that caution must be exercised when making changes to policies via the Policy Simulator, as those changes take immediate effect.
- [Voiceover] Remember when we created the sbn-devops-admin-elevated role? For simplicity's sake, we attached the AWS managed administrator policy. While convenient at the time, it's not the best way to go. Let's explore why. Here we are looking at the screen that defines what that role can do. On the Permissions tab, we can see that the only policy attached is the Administrator Access policy. I'm going to click on the blue Show Policy link to explore what that policy actually looks like.
Clicking on the link displays the JSON which defines the Administrator Access policy. Its power lies in its simplicity. The fact that the action and resource segments of this policy both have an asterisk indicates that this policy has the effect of allowing any action on any resources within the AWS account. If this is the only policy assigned to a group with no explicit Deny actions in place, any service within AWS can be altered. This includes everything from creating virtual private clouds to deleting a single S3 object.
It even includes the ability to delete IAM users.
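To make the evaluation rule behind the Policy Simulator concrete, here is a small offline model of how a decision is reached (an added example, not AWS's code and not the real simulator, which also weighs conditions, permission boundaries, SCPs and resource policies): the AdministratorAccess document from the video is evaluated for `iam:DeleteUser`, alone and alongside a constructed explicit-Deny statement; the user ARN is a constructed placeholder.

```python
"""Offline model of IAM policy evaluation (added example, not AWS code).

The real Policy Simulator (console, or `aws iam simulate-custom-policy`)
also weighs conditions, permission boundaries, SCPs and resource policies.
This keeps only the rule the transcript relies on: a matching explicit
Deny always wins, otherwise an Allow is required, and no match means Deny.
"""
import fnmatch


def _match_any(patterns, value, fold_case):
    """True if value matches any IAM-style pattern ('*' / '?' wildcards)."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if fold_case:  # action names are case-insensitive in IAM; ARNs are not
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policies, action, resource):
    """Return the simulator's decision: 'allowed', 'explicitDeny' or 'implicitDeny'."""
    decision = "implicitDeny"
    for policy in policies:
        statements = policy["Statement"]
        if isinstance(statements, dict):  # a single statement may be un-listed
            statements = [statements]
        for stmt in statements:
            if not _match_any(stmt.get("Action", []), action, fold_case=True):
                continue
            if not _match_any(stmt.get("Resource", []), resource, fold_case=False):
                continue
            if stmt["Effect"] == "Deny":
                return "explicitDeny"  # one matching Deny settles the request
            decision = "allowed"
    return decision


# The AdministratorAccess document shown in the video: any action, any resource.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed guardrail for this example: explicitly deny deleting IAM users.
DENY_IAM_USER_DELETE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "iam:DeleteUser", "Resource": "*"}],
}

if __name__ == "__main__":
    user = "arn:aws:iam::123456789012:user/alice"  # constructed ARN
    print(evaluate([ADMINISTRATOR_ACCESS], "iam:DeleteUser", user))
    print(evaluate([ADMINISTRATOR_ACCESS, DENY_IAM_USER_DELETE], "iam:DeleteUser", user))
```

The decision strings match the `EvalDecision` values the real simulator reports, so the same checks can be re-run against the live API once the policy is attached.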
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
This course includes trademarks owned by Amazon Web Services. This course has not been prepared, approved, or endorsed by Amazon Web Services.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor