learn AWS

Using Roles for a Service So as we mentioned before, Role is important part of IAM since it supports security of service indirectly. Let's imagine the scenario we want EC2 instance to access our S3 bucket (object storage) and receive some files from it. Since we have to do it programmatically, need to use cli for that. But cli is not enough, we need some kind of credentials to authenticate ourselves into the service. We can use access credentials and Roles for that .   Let's list S3 buckets using the command below, but it will display and error. It couldn't find the credentials that will help it to authenticate.  Search IAM and navigate to the users page. Click to the "create access key" button. Choose "Command line interface" option. Copy the credentials and paste into the cli. Use aws-cli utility tool to add credentials. And then you will be able to list all the available buckets. The issue with this approach is that it is not recommended and secure wa

IAM vs IAM Identity Center We have already familiar with IAM, and have little hands on experience with it. But there is another service called IAM Identity Center previously known as AWS Single-Sign-On (SSO).  What is SSO ? SSO is a method that allows users to authenticate once and access multiple applications without being prompted to enter their credentials again. This is typically done by an identity provider (IdP) that issues a token to the user, which is then passed to the different applications the user wants to access. So basically lets consider the scenario that as company IT engineer you want to provide access of Meta workplace, office365, SAP platforms to company users. But instead of typing their set of credentials for each of these services you implement company SSO. So once they logged in to company's portal, they will be granted access to all integrated platforms without needing to log in again. So basically IAM Identity Center is providing centralized permissions man

IAM Roles Roles in AWS has special meaning. With this functionality you can define different variety of roles and assign it users or your application/service can use them. Roles are specifically important for AWS security. Because roles use temporary credentials with services. So that we don't need to use own permanent credentials to do some operations. If somehow hackers got access to AWS infrastructure they won't able to access our cached permanent  credentials. Here are some of advantages of using roles : Reduced Risk of Credential Exposure Least Privilege Principle Cross-Account Access  Let's create a role and assign it to the user  Click to "IAM" , "Roles" and then "Create role" button.  We need ARN (we talked about this in the previous post) of the user. Copy 12 digit unique ID. During role creation select "AWS account" since we are planning to add this role to user. Enter the ID we got from previous step. This ID defines our us

AWS Policies AWS policies, as the name implies, allow you to set permissions to access your AWS resources. This is essential for controlling who can do what with your AWS services. There are two types of policies : Resource based policy (This can be applied to specific services (not all supports this) ) Identity based policy (This can be applied to users,groups and roles) Example Policy for Full Access to S3 Let's suppose we want to provide full access to the S3 resource. Here's an example policy: Version : The version number of the policy language. Statement : The key part of the policy. Each statement includes: Effect : Can be either Allow or Deny . Action : Specifies the actions that are allowed. The s3:* wildcard means all actions on Amazon S3 are allowed, including creating, listing, and deleting buckets, uploading and downloading objects, setting permissions, etc. Resource : Specifies the resources that the actions apply to. The * wildcard means all resources. In the

Introduction IAM stands for Identity and Access Management. IAM is essential component of AWS allows you to create and manage access of user, role, application and control authentication/authorization. There are 4 essential components of IAM :  Users - are individuals or applications want to access to your AWS resources. Groups - are collection of users. By this you can assign permissions to group instead individual users. Roles - are special access type in IAM that allows user/resource to access another resource via temporary credentials. For example EC2 instance can access to DynamoDB or S3 bucket resources without using permanent credentials. This is possible only via Role which is great security point of view. Policies - are JSON documents that define permissions. In policies we define what actions are allowed or should be denied. This can be attached to users, groups, roles. Hands on IAM exercises :  Login to your AWS account and search for IAM :  After clicking IAM icon, you wil