In this video, you will learn how to use the Security Token Service (STS) to grant temporary access to resources. You will understand that temporary access may be granted to existing IAM users within your account, users you have federated with your AWS account, and IAM users from other AWS accounts. You will appreciate that people need a certain permission set for their daily tasks, and may need an elevated set of permissions from time to time.
- [Voiceover] The AWS Security Token Service is a powerful tool for extending access to resources beyond the confines of an AWS account. The Security Token Service is useful for granting temporary access to resources within an AWS account. This temporary access can be applied to IAM users within the account itself. It can also apply to enterprise identity or web identity users that are federated with an account. It is also useful for providing access to other AWS accounts you may own.
Let's explore how to set up an IAM role that allows existing IAM users a different level of access to account resources than they typically have. In general, I like to make it easy for people to do the right thing, while making it hard for them to do the wrong thing. In the case of my devops-admins, I want to make sure that they consciously elevate their privileges before modifying anything in AWS. Let's say we have an admin named Enzo. Enzo's IAM user ID is assigned to the devops-admin group.
The devops-admin group has a policy attached to it.
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor