SEC101 A Guided Tour of AWS Identity and Access Management - AWS re: Invent…

Learn what AWS Identity and Access Management (IAM) technologies are available for you to manage users and their access to your AWS environment. We present a high-level discussion of the benefits and functionality IAM provides to control secure access to your AWS environment. We discuss how you can manage users and their permissions when using IAM, how roles make it simpler for you to delegate access, and how to use Multi-Factor Authentication (MFA) to require additional proof of identity.


Transcript of "SEC101 A Guided Tour of AWS Identity and Access Management - AWS re: Invent…"

  1. 1. © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  2. 2. File Sharing: C:\home\mydata.log. Name / Permission Level: Patrick, Read; Anna, Owner. Who, What Actions?, Which Resources?
  3. 3. AWS IAM, Amazon RDS, SES, CloudWatch, SNS, Route 53, DynamoDB, CloudFront, EC2, S3, AWS Storage Gateway, AWS CloudFormation, Elastic MapReduce, ElastiCache, CloudSearch, VPC, SWF, Elastic Beanstalk, SQS
  5. 5. AMIs, Elastic IPs, Placement Groups, Users, Spot Instances, Templates, Distributions, Buckets, Volumes, Clusters, Roles, Messages, Instances, Files, Groups, Tables, Snapshots, Topics, Load Balancers, Security Groups, Workflows, Autoscaling Groups, Domains, Applications, Queues, Network Interfaces
  6. 6. Over 1 Trillion Resources; Over 650K Requests/Sec; Hundreds of Thousands of Customers; “Many” Servers
  7. 7. AWS
  9. 9. *While Joe and his story are fictional, you may find many of his challenges quite real
  10. 10. Joe Raises $1.5M Series A Financing Round!
  11. 11. Joe, Dev/Ops, Development, Sales/Marketing, Finance/Accounting. Administrator Access: Control all AWS resources, including managing users. Full access to: Amazon S3, Amazon DynamoDB + The ability to start (but not stop) Amazon EC2 instances. Read-only to Amazon S3. Account Activity and Usage Reports only.
  12. 12. Joe; Dev/Ops, Development, Sales/Marketing, Finance/Accounting; Graeme, Nate, Anders, Joan, Greg, Cicilie, Erin, Kevin, Brian, Jeff
  16. 16. Joe; Dev/Ops, Development, Sales/Marketing, Finance/Accounting; Graeme, Nate, Anders, Joan, Greg, Cicilie, Erin, Kevin, Brian, Jeff
  17. 17. #!/bin/bash
      # Location of the IAM command line tools, the credential file they read, and the Java runtime
      export AWS_IAM_HOME=~/IAMCli-1.5.0
      export AWS_CREDENTIAL_FILE=~/IAMCli-1.5.0/aws-credential.template
      export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home

      # Create users, and add them to the "TestSubjects" group
      iam-usercreate -u RedShirt1 -g TestSubjects
      iam-usercreate -u RedShirt2 -g TestSubjects
      iam-usercreate -u RedShirt3 -g TestSubjects
      # …
      iam-usercreate -u RedShirt24 -g TestSubjects
      iam-usercreate -u RedShirt25 -g TestSubjects
  18. 18. http://aws.amazon.com/documentation/iam/
  19. 19. Amazon S3, Amazon DynamoDB; AWS Cloud
  20. 20. ? ? Auto Scaling, Auto Scaling ? ?; Amazon DynamoDB, Amazon S3; AWS Cloud
  21. 21. Auto Scaling, Auto Scaling; Amazon DynamoDB, Amazon S3; AWS IAM; GeneticAnalysis Server: RW access to files, rows; AWS Cloud
  22. 22. MARTHA!
  23. 23. Capacity The Martha effect Urbanchickens.org Time
  24. 24. AWS MFA supports any OATH TOTP compatible application (RFC 6238)
  25. 25. Joe’s Chicken Genetics Intranet Portal; Joe
  26. 26. Joe, Startup/SMB, Enterprise; Basic, Control; Multi-Factor Authentication; Federation & SSO; Password Strength Policy; AWS Marketplace; Users, Groups, Permissions; Management UI, CLI, API; Roles for EC2; No additional charge
  27. 27. Code | Session | Time
      SEC101 | A Guided Tour of AWS Identity and Access Management | Wednesday 11/28 2.05pm
      SEC302 | Delegating Access to Your AWS Environment | Wednesday 11/28 3.25pm
      SEC303 | TOP 10 IAM Best Practices | Thursday 11/29 3pm
  28. 28. We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance.
