Join Brian Eiler for an in-depth discussion in this video, Identity and Access Management (IAM) overview, part of Amazon Web Services: Implementing and Troubleshooting PaaS Products.
- [Instructor] In this module, we will discuss the Identity and Access Management or IAM components within AWS. So what exactly is IAM? It stands for Identity and Access Management which is actually a triple A service within AWS. Triple A stands for the Authentication, Authorization, and Accounting and it has to do with the user security and what we can do within the system. So let's talk a little bit about authentication.
IAM allows us to define the users or groups that we're going to allow access to our different AWS resources. It also controls who can sign in to things like the console or even accessing different AWS services or using the CLI. The authorization side defines what you can do. So IAM helps you control who can access those resources and defines what they're able to do with them.
So it's able to allow you to grant or deny permissions to objects for specific individuals or groups or even something known as roles which we'll talk more about in a little bit. Our last piece is called the accounting side of this and while authentication allows you to get in, authorization defines what you're allowed to do, accounting is something that is used to determine what you did. It's more often used by the auditors or people trying to troubleshoot a particular issue than it is by the users themselves.
So let's take a look at some of the features of IAM. One is the identity federation which means that we can involve things like single sign-on, making things a little bit easier for your users to connect. And again these aren't the users of your application per se. They're the users of the AWS components, the people who would sign in to say the AWS console to deploy different services, not necessarily again the people who would be using your application.
Now these features that we're talking about are also PCI DSS compliant which means that if you're doing payment processing or things of that nature with credit cards, this will keep you in compliance, maintaining the strict control as to who is in the system and what they can do. And lastly it's integrated with almost all of the AWS services. There's a whole series of pages that allow you to determine within the documentation which services are integrated and how they work together so that you can create a standard managed central security model.
Now the last couple features we want to talk about are that it's a shared access medium which means that we can use IAM even between AWS accounts and we're going to talk about some of those capabilities later on when we get into the discussion on roles. And also it's free to use. It's tied right into your AWS account and doesn't cost any additional amount of money in order to use it. And lastly, it supports MFA which stands for Multi-Factor Authentication.
This would be the two-factor authentication or the little tokens that you might have in your possession that have rotating numbers so you need a password plus this number or pin in order to actually access the system. Sometimes that's done with fingerprints or other biometrics. In the case of IAM, we can leverage the virtual tokens or even physical tokens.
- Creating an IAM user, group, and role
- Using the IAM policy simulator
- IAM best practices
- Components of CloudFormation
- Benefits of Elastic Beanstalk
- Working with OpsWorks
- OpsWorks for Chef Automate and Puppet Enterprise
Skill Level Intermediate
1. Identity and Access Management
3. Elastic Beanstalk