Working with AWS functions requires the creation of a specific user for the application to use. This section discusses the various different roles, permissions and user settings you can use in order to execute the code that you create. The initial user for the hello world application will be quite simple, but an overview will be given to help you understand the general permissions model.
- [Instructor] You've now got credentials to login to the console, but Amazon uses an identity management system to maintain credentials for the services you'll be using. So you'll need to setup a user with credentials to work with the system. Setting up permissions for our simple application will be quick, but I want to talk a little bit about some of the power in this implementation and explain how it works. From the dashboard's homepage, search for IAM in the search bar at the top. Select the IAM application to see the IAM dashboard.
On this screen, you can manage your identities and permissions in various ways. Users can have specific permissions. More commonly, groups are used to apply specific permissions to multiple users. You can also create custom policies to get more fine-grain control over specific user permissions. There are a few different items that the system would like you to perform. Once you have an administrator setup, it's a good idea to delete the root access keys from your account. Activating multifactor authentication on your root account helps provide security as well.
We'll be creating individual IAM users using groups to assign permissions. We won't apply the IAM password policy at this time, but that function is used to require strong passwords and credential rotation, improving security even further. We'll be creating individual IAM users. We won't apply the IAM password policy at this time, but that function is used to require strong passwords and credential rotation, improving security even further.
I will create a user and then associated group with the correct permissions for that user. From the IAM console, choose users then add user. For user name, pick something that you'd like. We're going to make this an administrator so I'll use administrator for the name. (typing) Remember, we'd like to avoid keeping root credentials around so we want this administrator to be able to login to the console themself. To allow this user to login to the console, click AWS management console.
Then select custom password. Select the password that you'll remember. Choose next permissions. On the set permissions for user page, choose add user to group. There's no group yet, so it's time to pick the permissions for our administrator user. Let's create an admin group as this will be fairly powerful group, and we want it to be clear what the permissions allow. Click create group. Enter admin as the name of the group.
Under filter, select job function. In the policy list, select administrator access then select create group. Back in the list of groups, verify that the admin group is selected with administrator access as the attached policy. Select next review. Check the settings for the user you're creating, and then select create user. On the resulting page, you will need to download the credentials for this user for use later.
Download the CSV file to your system so you have it handy.
- Working with the Lambda console
- Creating a Lambda function
- Exploring the Lambda console
- Lambda CloudWatch and monitoring
- Lambda application development
- Creating a Lambda API
- API framework setup
- Setting up API integration for READ
- Testing the API with HTTPie or cURL