There are some considerations you need to think through when designing Identity and Access Management (IAM) groups. Learn why the structure of an IAM group may differ from the corresponding groups as defined on your company's organizational chart. Learn exactly where to configure IAM groups in the AWS Web Console, under the IAM Dashboard.
- [Narrator] An important part in your AWS journey is the mapping out of your IAM group structure. Let's dive right in by taking an example organization chart and mapping it into IAM groups. Taking a look at this same Org chart, we see five distinct groups. Management, DevOps, Engineering, Information security, and finance. It is tempting to simply reflect the group structure as is into IAM. Before I create the IAM groups, let's think a little more deeply about each individual box. For each group on this Org chart, let's consider a few questions.
First of all, do all people in a given group need the same permissions? Do groups need to be split apart to accommodate different job roles? For instance, are all DevOps personnel the same? Do they all need equal access to systems? Should new hires in the organization have the same access as experienced staff? What about non-technical personnel? Do the same people who are responsible for remitting payment also analyze overall spend by service? What about individual group leaders?
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Management (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Configuring IAM users, groups, and policies
- Granting temporary access
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor