Learn about Identity and Access Management (IAM), what IAM is used for, and the difference between authentication and authorization. Learn about IAM users, groups of users, policies, and roles. Learn about the Principle of Least Privilege, and how IAM policies are evaluated.
- [Instructor] Understanding Identity and Access Management is a crucial concept to the secure administration of your AWS account. Going forward, I'll refer to Identity and Access Management simply as IAM. What is IAM, and what is it used for? Generally speaking, IAM has two primary functions. The first function of IAM is to authenticate users. By validating the combination of a user name and password, the authentication function of IAM is complete. For example, let's say you have an online subscription to the New York Times.
In order to log in to your account, you have to supply your user name and password. In the context of IAM and AWS, authentication is the combination of an IAM user and the user's security credential. The second function of IAM is the authorization of users. For example, suppose you have a valid user name and password for the New York Times, however, due to an account issue, you are not able to access the articles, that is, you are not authorized to access content, despite the fact that you are authenticated successfully.
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Management (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- Summarize the AWS Shared Responsibility Model.
- Recall how to implement separation of duties.
- Differentiate between assigning permissions to an individual versus a group.
- Summarize how to create IAM roles.
- Describe how to secure financial access.
- Recall the steps for managing access to S3 with IAM.
- Cite the advantages of a pre-signed URL.