SEC101 A Guided Tour of AWS Identity and Access Management - AWS re: Invent…

Learn what AWS Identity and Access Management (IAM) technologies are available for you to manage users and their access to your AWS environment. We present a high-level discussion of the benefits and functionality IAM provides to control secure access to your AWS environment. We discuss how you can manage users and their permissions when using IAM, how roles make it simpler for you to delegate access, and how to use Multi-Factor Authentication (MFA) to require additional proof of identity.

    Presentation Transcript

    • © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
    • File Sharing: C:\home\mydata.log. Name / Permission Level: Patrick, Read; Anna, Owner. Who? What Actions? Which Resources?
    • Amazon RDS, Amazon SES, Amazon CloudWatch, Amazon SNS, Amazon Route 53, AWS IAM, Amazon DynamoDB, Amazon CloudFront, Amazon EC2, Amazon S3, AWS Storage Gateway, AWS CloudFormation, Amazon Elastic MapReduce, Amazon ElastiCache, Amazon CloudSearch, Amazon VPC, Amazon SWF, AWS Elastic Beanstalk, Amazon SQS
    • AMIs, Elastic IPs, Placement Groups, Users, Spot Instances, Templates, Distributions, Buckets, Volumes, Clusters, Roles, Messages, Instances, Files, Groups, Tables, Snapshots, Topics, Load Balancers, Security Groups, Workflows, Autoscaling Groups, Domains, Applications, Queues, Network Interfaces
    • Over 1 Trillion Resources; Over 650K Requests/Sec; Hundreds of Thousands of Customers; “Many” Servers
    • AWS
    • *While Joe and his story are fictional, you may find many of his challenges quite real
    • Joe Raises $1.5M Series A Financing Round!
    • Joe: Administrator Access: Control all AWS resources, including managing users. Dev/Ops Development: Full access to: Amazon S3, Amazon DynamoDB + The ability to start (but not stop) Amazon EC2 instances. Sales/Marketing: Read-only to Amazon S3. Finance/Accounting: Account Activity and Usage Reports only.
    • Joe; Dev/Ops Development; Sales/Marketing; Finance/Accounting: Graeme, Nate, Anders, Joan, Greg, Cicilie, Erin, Kevin, Brian, Jeff
    • #!/bin/bash
      # Environment for the IAM command line tools
      export AWS_IAM_HOME=~/IAMCli-1.5.0
      export AWS_CREDENTIAL_FILE=~/IAMCli-1.5.0/aws-credential.template
      export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
      # Create users, and add them to the "TestSubjects" group
      iam-usercreate -u RedShirt1 -g TestSubjects
      iam-usercreate -u RedShirt2 -g TestSubjects
      iam-usercreate -u RedShirt3 -g TestSubjects
      # … (users in between are elided on the slide)
      iam-usercreate -u RedShirt24 -g TestSubjects
      iam-usercreate -u RedShirt25 -g TestSubjects
    • http://aws.amazon.com/documentation/iam/
    • Amazon DynamoDB; Amazon S3; AWS Cloud
    • Auto Scaling (?); Auto Scaling (?); Amazon DynamoDB; Amazon S3; AWS Cloud
    • Auto Scaling; Auto Scaling; Amazon DynamoDB; Amazon S3; AWS IAM; GeneticAnalysis Server: RW access to files, rows; AWS Cloud
    • MARTHA!
    • The Martha effect (chart of Capacity over Time); Urbanchickens.org
    • AWS MFA supports any OATH TOTP compatible application (RFC 6238)
    • Joe’s Chicken Genetics Intranet Portal; Joe
    • Enterprise; Startup/SMB; Joe; Basic. Multi-Factor Authentication; Federation & SSO; Password Strength Policy; AWS Marketplace Control; Users, Groups, Permissions; Management UI, CLI, API; Roles for EC2. No additional charge.
    • Code / Session / Time:
      SEC101 / A Guided Tour of AWS Identity and Access Management / Wednesday 11/28 2.05pm
      SEC302 / Delegating Access to Your AWS Environment / Wednesday 11/28 3.25pm
      SEC303 / TOP 10 IAM Best Practices / Thursday 11/29 3pm
    • We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance.