In this video, you will use the AWS Web Console to configure Identity and Access Management (IAM) policies specific to S3. You will learn how to implement an IAM policy to simultaneously grant access to multiple S3 buckets while restricting access to others. You will be able to look in detail at the JSON which allows access to multiple S3 buckets, while simultaneously denying access to other S3 buckets.
- [Voiceover] Starting off in the web console, let's first look at the S3 structure we're dealing with by clicking the S3 link under Storage and Content Delivery. The screen that comes up shows all of the S3 buckets that exist in this AWS account. Since I'm logged in with full administrative access, I can take any action I want to. For instance, I can click the SBN Corporate Secrets bucket to see what's inside. With my administrative access, I can add, download or remove any item in this bucket.
Now let's look at the structure of the customer buckets. I click the blue, all buckets link to get back to the all buckets screen. Then, I look at the SBN Customer One bucket by clicking on it. Per corporate standards, each customer has its own bucket. And the bucket contains two folders, inbound and outbound. The outbound folder is where Julia needs to place files. However, she should not be able to delete any files after they've been placed in the outbound folder.
Meanwhile, the inbound folder is where customers drop files.
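
The access rules described in the narration, written out as an IAM policy for Julia. This is an added example, not the policy shown in the course: the bucket names (`example-sbn-...`) and the second customer bucket are placeholders, since the page does not give the real bucket names.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListCustomerBuckets",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": [
        "arn:aws:s3:::example-sbn-customer-one",
        "arn:aws:s3:::example-sbn-customer-two"
      ]
    },
    {
      "Sid": "PlaceFilesInOutbound",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::example-sbn-customer-one/outbound/*",
        "arn:aws:s3:::example-sbn-customer-two/outbound/*"
      ]
    },
    {
      "Sid": "NeverDeleteFromOutbound",
      "Effect": "Deny",
      "Action": ["s3:DeleteObject", "s3:DeleteObjectVersion"],
      "Resource": [
        "arn:aws:s3:::example-sbn-customer-one/outbound/*",
        "arn:aws:s3:::example-sbn-customer-two/outbound/*"
      ]
    },
    {
      "Sid": "NoAccessToCorporateSecrets",
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-sbn-corporate-secrets",
        "arn:aws:s3:::example-sbn-corporate-secrets/*"
      ]
    }
  ]
}
```

IAM denies anything not explicitly allowed, so the two `Deny` statements matter mainly when another policy attached to the same user or group grants broader S3 access: an explicit `Deny` always overrides an `Allow`. Note that `s3:PutObject` still lets the user overwrite an existing key in `outbound/`, so bucket versioning is needed if earlier copies must be preserved.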
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
This course includes trademarks owned by Amazon Web Services. This course has not been prepared, approved, or endorsed by Amazon Web Services.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor