Use the AWS web console to configure Identity and Access Management (IAM) policies specific to S3. Learn how to implement an IAM policy to simultaneously grant access to multiple S3 buckets while restricting access to others. Look in detail at JSON which allows access to multiple S3 buckets, while simultaneously denying access to other S3 buckets.
- [Narrator] Starting off in the Web Console,…let's first look at the S3 structure we're dealing…with by clicking the S3 link under…Storage and Content Delivery.…The screen that comes up shows all of the S3 buckets…that exist in this AWS account.…Since I'm logged in with full administrative access,…I can take any action I want to.…For instance, I can click the SBN Corporate Secrets…bucket to see what's inside.…With my administrative access, I can add, download,…or remove any item in this bucket.…
Now let's look at the structure of the customer buckets.…I click the blue All Buckets link to get back…to the blue All Buckets screen.…Then I look at the SBN Customer One bucket…by clicking on it.…Per corporate standards, each customer has its own bucket…and the bucket contains two folders, Inbound and Outbound.…The Outbound folder is where Julia needs to place files.…However, she should not be able to delete any files…after they have been placed in the Outbound folder.…
Meanwhile, the Inbound folder is where customers drop files.…
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Manager (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Configuring IAM users, groups, and policies
- Granting temporary access
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor