In this video, you will learn how to interact directly with Simple Storage Service (S3) from an Elastic Compute Cloud (EC2) instance, without embedding an access key on the instance. Because the instance has an IAM policy assigned to it, the video illustrates the various permissions defined by that policy.
- [Voiceover] Now let's take that one step further. We have a couple of policies that are applied both to an IAM Group and to an IAM Role. We also have an EC2 Instance launched with that IAM Role. Let's fire up a terminal session on that EC2 Instance and try to access S3. Here I am at the EC2 Dashboard with the s3TestBox2 Instance selected. I want to establish a connection to it so I click the Connect button. The screen displays instructions on how to connect to the Instance using SSH.
PuTTY is a common SSH client for Microsoft Windows. Since I'm on a Mac I can SSH directly so I'm going to highlight the Example SSH connect text and save it into my clipboard. Now let's slide over to a terminal on my Mac. First, let me verify that I have the sbn.west.pem private key file in my directory. I can do that by typing the ls command, great, there it is. Now I will paste the SSH connect text into the Mac terminal to establish the connection.
Okay, here I am with a terminal connection on that EC2 Instance, it is a machine running Amazon Linux…
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor