
AWS IAM Training | AWS Identity And Access Management | AWS Training | Simplilearn

1,137 views


This AWS IAM (Identity and Access Management) presentation will help you understand what AWS security is, the types of security, what IAM is, why we need IAM, how IAM works, and the components and features of IAM; you will also see a demo on how to create an S3 bucket using the MFA feature. The AWS cloud provides a secure virtual platform where users can deploy their applications. Compared to an on-premises environment, AWS security provides a high level of data protection at a lower cost to its users. There are many types of security services, but some are widely used, and IAM is one of them. AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. Now, let's dive into this AWS IAM tutorial to understand what IAM is and how it works.

The following topics are explained in this AWS IAM presentation:

1. What is AWS security?
2. Types of AWS security
3. Why IAM?
4. What is IAM?
5. How IAM works
6. Components of IAM
7. Features of IAM
8. Demo - Create an S3 bucket using the MFA feature

This AWS certification training is designed to help you gain an in-depth understanding of Amazon Web Services (AWS) architectural principles and services. You will learn how cloud computing is redefining the rules of IT architecture and how to design, plan, and scale AWS Cloud implementations with the best practices recommended by Amazon. The AWS Cloud platform powers hundreds of thousands of businesses in 190 countries, and AWS certified solutions architects take home about $126,000 per year.

This AWS certification course will help you learn the key concepts, latest trends, and best practices for working with the AWS architecture – and become an industry-ready AWS certified solutions architect, qualifying you for a position as a high-quality AWS professional.

The course begins with an overview of the AWS platform before diving into its individual elements: IAM, VPC, EC2, EBS, ELB, CDN, S3, EIP, KMS, Route 53, RDS, Glacier, Snowball, CloudFront, DynamoDB, Redshift, Auto Scaling, CloudWatch, ElastiCache, CloudTrail, and Security. Those who complete the course will be able to:

1. Formulate solution plans and provide guidance on AWS architectural best practices
2. Design and deploy scalable, highly available, and fault-tolerant systems on AWS
3. Identify the lift and shift of an existing on-premises application to AWS
4. Decipher the ingress and egress of data to and from AWS
5. Select the appropriate AWS service based on data, compute, database, or security requirements
6. Estimate AWS costs and identify cost control mechanisms

Learn more at: https://www.simplilearn.com/


Slides:

  1. AWS IAM Tutorial
  2. What's in it for you? (1) What is AWS security? (2) Types of security; (3) Why IAM? (4) What is IAM? (5) How IAM works; (6) Components of IAM; (7) Features of IAM; (8) Demo - Create an S3 bucket using the MFA feature.
  3. What is AWS security?
  4. What is AWS security? The AWS cloud provides a secure virtual platform where users can deploy their applications. Compared to an on-premises environment, AWS security provides a high level of data protection at a lower cost to its users. Diagram labels: secure environment; no upfront cost; lower cost than on-premises.
  5-7. Types of AWS security. There are many types of security services, but some of the widely used services offered by AWS are IAM, KMS, Cognito and WAF. Let's get started with AWS IAM.
  8. Why IAM? Before AWS: at a corporation, it isn't safe to share confidential data over the phone or the internet.
  9. Why IAM? After AWS: employees use Slack. (Note: Slack is an online tool that lets users communicate and share documents on the web.) "Hosting Slack in AWS makes us more confident that our data is safe and secure." "The fact that we can rely on the AWS security posture to boost our own security is really important for our business. AWS does a much better job at security than we could ever do running a cage in a data center." - Richard Crowley, Director of Operations, Slack
  10. What is IAM? AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS resources. It enables you to create and control services for user authentication, or to limit access to your AWS resources to a certain set of users. Diagram labels: admin sets permissions; secure access to AWS resources.
  11. How IAM works. The IAM workflow includes the following elements: (1) Principal, (2) Authentication, (3) Request, (4) Authorization, (5) Actions, (6) Resources.
  12. How IAM works - Principal. An action on an AWS resource can be performed by a principal. A user or a role can be a principal.
  13. How IAM works - Authentication. Authentication is the process of confirming the identity of the principal trying to access an AWS product. To authenticate from the console, API or CLI, you must provide your credentials or the required keys. Diagram label: confirms the identity.
  14. How IAM works - Request. When a principal attempts to access the AWS Console, API or CLI, it sends a request to AWS.
  15. How IAM works - Authorization. Here, IAM uses information from the request context to check for matching policies and determine whether to allow or deny the request. Diagram labels: request; check for policies; allow request; deny request.
  16. How IAM works - Actions. After authenticating and authorizing the request, AWS approves the action. Using actions, you can view, create, edit and delete a resource.
  17. How IAM works - Resources (EC2, S3, IAM). A set of actions can be performed on a related resource in your AWS account. Suppose a user creates a request to perform an unrelated action; then the request gets denied. For example, if you attempt to delete an IAM role and also request access to an EC2 instance for that role, the request gets denied.
  18-22. Components of IAM: Users, Groups, Roles, Policies.
  23. Components of IAM - User. With IAM, you can securely manage access to AWS services and resources. You can create an IAM user when a new employee joins your company. Note: each IAM user is associated with only one AWS account.
  24. Components of IAM - Group. A collection of IAM users is an IAM group. You can use IAM groups to specify permissions for multiple users, so that any permission applied to the group is applied to its users as well. Diagram labels: IAM group; specify permissions.
  25-26. Components of IAM - Group (Example). This diagram is an example of groups created for a small company: one AWS account with the users Bobby, Suman, Brad, Jimmy, Harry, Cathy, Allen, Bella, Mark and John spread across Group: Admins, Group: Developers and Group: Test. (1) Set permissions on a group; (2) the permissions are applied to all of its users automatically. Note: suppose a new user joins your organization and needs administrator privileges; adding that user to the relevant group will automatically set the permissions.
  27. Components of IAM - Policies. An IAM policy sets permissions and controls access to AWS resources. Policies are stored in AWS as JSON documents. Permissions specify who can have access to the resources and what actions they can perform. For example, a policy allows an IAM user to access one of the buckets in Amazon S3.
  28-33. Components of IAM - Policies (Example). Task: give Paul (Developer) access to Amazon S3. The policy would contain the following statements: Who: Paul (note: give the user name or group name). What actions: can get/put objects in S3 (note: GET/PUT means read and upload access). Which AWS resources: Bucket="*" (note: "*" gives access to all the buckets). When: until March 2, 2019 (note: the permissions will expire on the given date). Whether: Allow (note: whether to allow or deny the permission).
  34. Components of IAM - Policies. Sample: S3 public read-only policy. Because it names a Principal, this is a bucket (resource-based) policy; IAM identity policies omit the Principal element.

```json
{
  "Version": "2012-10-17",
  "Id": "S3-Account-Permissions",
  "Statement": [{
    "Sid": "AddPublicReadPermissions",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": ["arn:aws:s3:::bucket/*"]
  }]
}
```

  Annotations: Principal - who can access it; Effect - give permission (Allow/Deny); Action - specify the actions (read/write/delete); Resource - specify the resource. Note: a Principal of "*" makes every object under the bucket readable by anyone, which is what "public read" means; pairing that Principal with "s3:*" would instead grant the world full control of the bucket's objects rather than read-only access.
  35. Components of IAM - Policies. Types of policies: Managed policies: a default policy that you attach to multiple entities (users, groups and roles) in your AWS account. Inline policies: you create and manage your own policy, which is embedded directly in a single entity (user, group or role).
  36. Components of IAM - Roles. An IAM role is a set of permissions that define what actions are allowed and denied for an entity in the AWS console. It is similar to a user. A role in IAM can be accessed by any entity (an individual or an AWS service). Diagram labels: define permissions; AWS services; user.
  37-40. Components of IAM - Roles (Example). (1) Create a role and give it access to S3's "file" bucket. (2) With the role, a user launches an EC2 instance. (3) From the instance, the application retrieves the role credentials. (4) Using the role credentials, the application gets S3's files and views them in the online application.
  41-49. Features of IAM: (1) shared access to your AWS account; (2) granular permissions; (3) secure access to AWS resources for applications running on EC2; (4) multi-factor authentication (MFA); (5) identity federation; (6) free to use; (7) PCI DSS compliance; (8) password policy.
  50-51. Demo - Create an S3 bucket using the MFA feature. Problem statement: create an S3 bucket for a company where each user can create their own READ and WRITE data with multi-factor authentication.
  52. Demo - Multi-Factor Authentication. Multi-factor authentication (MFA) is an additional level of security provided by AWS. Here, a user's identity is confirmed for AWS login only after performing two levels of verification. For example, it is like the OTP you receive when you try to log in to your Gmail account ("Please provide one-time password to login" / "Your OTP is 2346").
  53-55. Demo - Multi-Factor Authentication (example: virtual MFA device). First step of security: log in. Last step of security: MFA code. Steps: select an MFA device in the IAM service; use the Google Authenticator app on your smartphone; scan the barcode; enter the code (******). Result: the MFA device was successfully associated.
  56. Demo - Create an S3 bucket using the MFA feature. Problem statement: create an S3 bucket for a company where each user can create their own READ and WRITE data with multi-factor authentication. Task: create policies and assign permissions for a user and a group: provide read and write access to the Developer group; provide a policy where a user is allowed to read, but denied to write, objects in the S3 bucket.
  57. Key Takeaways
  58. Demo
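Slides 28-33 assemble a policy from who, what actions, which resources, when and whether, and slide 56 asks for a Developer group with read/write access plus a user who may read but not write. The following added example (not code from the deck or from AWS) simulates how the authorization step of slide 15 evaluates such policies; the group policy, Paul's inline Deny, the MFA and expiry conditions and the bucket name are all constructed for illustration.

```python
import fnmatch
from datetime import datetime, timezone

# Constructed sample policies for the deck's demo task (not from the slides):
# the Developers group may get/put objects in any bucket, only with MFA and
# only until March 2, 2019; Paul additionally carries an explicit Deny on writes.
DEVELOPERS_GROUP_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::*",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"},
                  "DateLessThan": {"aws:CurrentTime": "2019-03-02T00:00:00+00:00"}},
}]}
PAUL_INLINE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:PutObject", "Resource": "*"}]}

def _matches(patterns, value):
    # Action and Resource accept a string or a list; "*" is a wildcard.
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _condition_holds(condition, ctx):
    # Only the two condition operators used in the sample policies are modelled.
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            actual = ctx.get(key)
            if operator == "Bool" and str(actual).lower() != wanted:
                return False
            if operator == "DateLessThan" and not actual < datetime.fromisoformat(wanted):
                return False
    return True

def evaluate(policies, action, key, mfa, year, month, day):
    """IAM evaluation logic: an explicit Deny always wins, a matching Allow is
    required, and with no matching statement the request is implicitly denied."""
    ctx = {"aws:MultiFactorAuthPresent": mfa,
           "aws:CurrentTime": datetime(year, month, day, tzinfo=timezone.utc)}
    resource = f"arn:aws:s3:::company-files/{key}"   # constructed bucket name
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action) and _matches(stmt["Resource"], resource)):
                continue
            if not _condition_holds(stmt.get("Condition", {}), ctx):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            allowed = True
    return "Allow" if allowed else "Deny"
```

Running Paul's requests through evaluate() shows the three outcomes the deck describes: a read with MFA is allowed, a write is denied by his explicit Deny even though the group allows it, and a read without MFA falls through to the implicit deny.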

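Slides 53-55 associate a virtual MFA device by scanning a barcode; what the authenticator app actually stores is a shared secret, from which it derives the six-digit code that the login's "last step of security" checks. The following added example (not from the deck) implements that RFC 6238 TOTP computation and the server-side check with a one-step drift window; the secret is the RFC's published test value, not a real device key.

```python
import base64
import hashlib
import hmac
import struct
import time

# The shared secret a virtual MFA device receives when it scans the QR code
# (the barcode on the slide). This is the RFC 6238 reference test secret,
# encoded as the base32 string an authenticator app would store.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

def totp_code(secret_b32, unix_time, step=30, digits=6):
    """Compute the TOTP code (RFC 6238, HMAC-SHA1) for a given moment."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step                 # 30-second time step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def verify_code(secret_b32, submitted, unix_time, window=1):
    """Accept a submitted code if it matches the current step or one step on
    either side (clock drift tolerance), using a constant-time comparison."""
    for drift in range(-window, window + 1):
        expected = totp_code(secret_b32, unix_time + drift * 30)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

if __name__ == "__main__":
    print("current code:", totp_code(SECRET_B32, time.time()))
```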