Learn how to use the Security Token Service (STS) to grant temporary access to resources. Temporary access may be granted to existing IAM users within your account, users you have federated with your AWS account, and IAM users from other AWS accounts. People need a certain permission set for their daily tasks, and may need an elevated set of permissions from time to time.
- [Narrator] The AWS Security Token Service is a powerful tool for extending access to resources beyond the confines of an AWS account. The Security Token Service is useful for granting temporary access to resources within an AWS account. This temporary access can be applied to IAM users within the account itself; it can also apply to enterprise identity or web identity users that are federated within an account. It is also useful for providing access to other AWS accounts you may own. Let's explore how to set up an IAM role that allows existing IAM users a different level of access to account resources than they typically have.
In general, I like to make it easy for people to do the right thing while making it hard for them to do the wrong thing. In the case of my devops admins, I want to make sure that they consciously elevate their privileges before modifying anything in AWS. Let's say we have an admin named Enzo. Enzo's IAM user ID is assigned to the devops-admin group; the devops-admin group has a policy attached to it.
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Manager (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- Summarize the AWS Shared Responsibility Model.
- Recall how to implement separation of duties.
- Differentiate between assigning permissions to an individual versus a group.
- Summarize how to create IAM roles.
- Describe how to secure financial access.
- Recall the steps for managing access to S3 with IAM.
- Cite the advantages of a pre-signed URL.