Take a dive into the AWS web console to walk through the creation of an IAM role and IAM policy to enable an IAM user to increase the scope of changes s/he is allowed to make. See how, from the perspective of an IAM user, you can switch IAM roles in order to make configuration changes to an AWS service—in this case, an EC2 instance.
- [Teacher] Here I am, logged into my AWS account as the enzo IAM user. I can validate this by looking in the top-right corner at the username and the affiliated account, enzo @ sbncorp. Since Enzo has the global read-only access permission, he has the ability to view anything in this account. Suppose that he has been asked to start an EC2 instance in the Oregon region. The first thing he does is to make sure Oregon is selected from the list of available regions in the top-right corner of the screen.
Dropping that menu down, you see all of the regions that AWS offers services in. US East, US West, in this case, we're interested in Oregon. With Oregon selected, he goes to the Compute section on the left and chooses EC2. Clicking on that link brings up the EC2 dashboard. In this case, he's been tasked with starting an instance, so let's go ahead and try. In the left-hand navigation, under Instances, we click the Instances link.
The Instance pane that comes up shows a single server, the s3TestBox. Under the Instance State column,…
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Management (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Configuring IAM users, groups, and policies
- Granting temporary access
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor