Posts

Showing posts with the label Acess

VPC - Virtual Private Cloud

The OSI model consists of 7 layers:
1. Physical layer - Raw bits transferred over cable via electrical signals.
2. Data link layer - Switches direct these electrical signals. They use MAC addresses to identify the next destination.
3. Network layer - Routers receive frames from the Data link layer and direct them to the destination based on the address defined in the frame. They use IP (Internet Protocol) to identify the next destination. ICMP and ARP are example protocols that work on this layer.
4. Transport layer - This layer manages delivery and error checking. TCP and UDP are examples of protocols that work on this layer.
5. Session layer - This layer controls communication between two computers. NetBIOS and PPTP are examples that work on this layer.
6. Presentation layer - This layer is responsible for encryption/decryption of data. SSL and TLS are examples.
7. Application layer - The final layer, where the user interacts. Example protocols: HTTP, SMTP, FTP etc.
So we can say that switches connect computers wi

EC2 - Using Roles for a Service

Using Roles for a Service
So as we mentioned before, a Role is an important part of IAM since it supports the security of a service indirectly. Let's imagine a scenario where we want an EC2 instance to access our S3 bucket (object storage) and receive some files from it. Since we have to do it programmatically, we need to use the CLI for that. But the CLI is not enough: we need some kind of credentials to authenticate ourselves to the service. We can use access credentials and Roles for that. Let's list S3 buckets using the command below, but it will display an error. It couldn't find the credentials that would help it authenticate. Search for IAM and navigate to the Users page. Click the "Create access key" button. Choose the "Command Line Interface" option. Copy the credentials and paste them into the CLI. Use the aws-cli utility tool to add the credentials. And then you will be able to list all the available buckets. The issue with this approach is that it is not a recommended and secure wa

AWS - IAM Identity Center

IAM vs IAM Identity Center
We are already familiar with IAM and have a little hands-on experience with it. But there is another service called IAM Identity Center, previously known as AWS Single Sign-On (SSO). What is SSO? SSO is a method that allows users to authenticate once and access multiple applications without being prompted to enter their credentials again. This is typically done by an identity provider (IdP) that issues a token to the user, which is then passed to the different applications the user wants to access. So basically, let's consider a scenario where, as a company IT engineer, you want to provide access to the Meta Workplace, Office 365 and SAP platforms to company users. But instead of them typing their set of credentials for each of these services, you implement company SSO. So once they have logged in to the company's portal, they will be granted access to all integrated platforms without needing to log in again. So basically IAM Identity Center is providing centralized permissions man

IAM - Roles

IAM Roles
Roles in AWS have a special meaning. With this functionality you can define a variety of roles and assign them to users, or your application/service can use them. Roles are especially important for AWS security, because roles use temporary credentials with services, so we don't need to use our own permanent credentials to do some operations. If somehow hackers got access to the AWS infrastructure, they won't be able to access our cached permanent credentials. Here are some of the advantages of using roles: Reduced Risk of Credential Exposure, Least Privilege Principle, Cross-Account Access. Let's create a role and assign it to the user. Click "IAM", "Roles" and then the "Create role" button. We need the ARN (we talked about this in the previous post) of the user. Copy the 12-digit unique ID. During role creation select "AWS account", since we are planning to add this role to a user. Enter the ID we got from the previous step. This ID defines our us