Learn how to create a custom policy and test.
- [Instructor] So up until now,…we've been using default AWS policies…and although that works fine for practicing and learning,…you want to generally create your own policies…that are as restrictive as is practical…for your environment.…Now, working with policies…I find often confuses people…because it's just I don't know…not intuitive or something…so I've worked to pull out the key concepts…and I also want to call out a blog that I'm referencing…this section on that I'll point to in just a minute…that really did a good job…in distilling the policy creation information.…
Basically it comes down to who or which…principal or resource…so your object name and your Amazon resource number…or name.…So in other words, do you want to give permission…to all of S3 for example…or do you want to give permission to one or more buckets.…And usually it's going to be preferred…to restrict the permission to an object name and ARN.…And who should have the permission,…which group, rather than which user of course.…And then what action or actions should be able…
- Security and governance approaches
- Service cost predictability
- Protecting data in-flight and at-rest
- IAM best practices
- Security via AWS Inspector, AWS Trusted Advisor, and AWS KMS
- Console tools for cost control
- Total service costs for AWS
- Using the AWS billing dashboard
- Third-party security and governance tools
- Approaches to security and cost control
Skill Level Advanced
1. Security and Governance Approaches
2. Security and Governance for Services
3. AWS Tools for Security and Governance
4. Advanced and Third-Party Tools
Next steps1m 13s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.