Notes on: AWS Essentials: 0 -> 2) IAM

Just a place to put some notes on the “AWS Essentials” course from https://linuxacademy.com
BTW: This is an excellent course. If you want/need to learn about ‘AWS Essentials’ I’d highly recommend taking it!

0) Project Omega!


Image: Project Omega

1) Account Basics
1.1) AWS Free Tier


AWS Free Tier: 12 Months Free
Important: Beware of the usage limits of the AWS Free Tier. If you exceed these limits, you will be charged for the services you use.

1.2) Create an AWS Account

You will need a valid credit card to create an account.
As long as you don’t exceed the AWS Free Tier limits, you won’t be charged.

1.3) AWS Documentation


2) Identity & Access Management (IAM)
2.1) What is IAM?

IAM (Identity & Access Management) is where you manage your AWS users and their access to AWS accounts and services.

The user created when you created the AWS account is called the “root” user.
By default, any new users you create in the AWS account are created with NO access to any AWS services.

Image: Services -> Security, Identity & Compliance

2.2) IAM Initial Setup and Configuration

- Delete your root access keys
- Activate MFA on your root account
- Create individual IAM users
- Use groups to assign permissions
- Apply an IAM password policy

Image: IAM Best Practices

MFA = Multi-Factor Authentication
Two options to get an MFA code:
i) Virtual MFA Device: An app on a smartphone or tablet, like Google Authenticator
ii) Hardware Key Fob: Order it directly from AWS

Image: Manage MFA

Image: Manage Users

AWS best practice is to NEVER use your root account for day-to-day use.

Image: Password Policy Options

Image: Security Status: Green

2.3) Example IAM role:

Create role:
Step 1: Select role type = Amazon EC2
Step 2: Establish Trust (skipped)
Step 3: Attach policy = AmazonS3FullAccess
Step 4: Set role name (EC2) and review

Think of a role as a group for other AWS services.

Image: EC2 role allows EC2 instances to call AWS services on your behalf
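As an added example (not code from the course or these notes), here are the two documents behind the role created above, in Python: the trust policy that lets EC2 assume the role, a policy with the same shape as AmazonS3FullAccess, and a scoped-down alternative on an assumed bucket name, plus a simplified allow/deny check to compare the two. The bucket name and the evaluator are assumptions; the check ignores conditions, permission boundaries, SCPs and resource policies, so it only illustrates the basic Deny > Allow > default-deny order.

```python
import fnmatch

# Step 2 trust policy: only the EC2 service may assume this role.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Step 3 as chosen in the course: the shape of AmazonS3FullAccess
# (every S3 action on every bucket and object).
S3_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

# Scoped-down alternative: read-only on one bucket (bucket name is assumed).
S3_READ_ONE_BUCKET = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-app-bucket",
                     "arn:aws:s3:::example-app-bucket/*"],
    }],
}


def _as_list(value):
    # IAM accepts a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified evaluation: an explicit Deny wins, otherwise any matching
    Allow grants access, otherwise the request is denied by default."""
    allowed = False
    for stmt in policy["Statement"]:
        # Action names are case-insensitive in IAM; resource ARNs are not.
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```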

Image: IAM Resources

2.6) Quiz: IAM Essentials

T: IAM is where you manage your AWS users and their access to AWS features and services.

Q: If you want to grant S3 access to an EC2 instance, what should you do?
A: Create an EC2 Role and attach an S3 access policy to it.

T: Multi-Factor Authentication (MFA) is an important part of account security that should be set on your “root” account.

Q: If a user has access to S3 through a group with an S3 policy attached, what happens if that user is removed from the group?
A: The user no longer has access to S3.

Q: IAM policies can be directly attached to?
A: Roles, Users, Groups
