In this video, you will learn how to manage access to Simple Storage Service (S3) through the use of Identity and Access Management (IAM) policies. You will understand that these IAM policies have a remarkable degree of granularity, and can be assigned to users, groups, roles, and through the use of roles, EC2 instances.
- [Voiceover] Access to S3 can be managed in a number of different ways. Using identity and access management policies to control access to S3 is a great idea. This fits nicely with the best practice of using IAM to control access to AWS resources in general. IAM policies are a great tool for managing access to S3, as they allow for almost any level of granularity imaginable. Suppose the CEO of your company wants to store confidential documents in S3. You can lock down access to a specific S3 bucket, using an IAM policy, so only the CEO would be able to access the contents of the bucket.
Similarly, if the CEO wanted an S3 bucket to share documents with her leadership team, it is possible to apply an IAM policy to the leadership team's group. More interesting is the ability to apply access policies to IAM roles. Not only can a role be assigned to users and groups, policies can also be assigned to roles. This is a powerful concept. By assigning a policy to a role, that means a server within AWS can be launched with that role.
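The following identity-based policy is an added example, not part of the video or its transcript, showing the kind of bucket-scoped grant described above. The bucket name `example-ceo-confidential` and the `Sid` values are placeholders chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListConfidentialBucket",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::example-ceo-confidential"
    },
    {
      "Sid": "ReadWriteConfidentialObjects",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::example-ceo-confidential/*"
    }
  ]
}
```

Bucket-level actions such as `s3:ListBucket` take the bucket ARN, while object-level actions take the `/*` object ARN, which is why the policy needs two statements. The same document can be attached to a single user, to a group, or to a role that an EC2 instance is launched with.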
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor