13. IAM TEMPORARY CREDENTIALS
Using IAM roles and temporary security credentials means you don't always have to manage long-term credentials and IAM users for each entity that requires access to a resource.
codespaces story - http://habrahabr.ru/post/227405/
bv story
habrahabr user interactive story - http://geektimes.ru/post/247794/
ec2, s3, vpc
RDS, Elastic Beanstalk, ELB
SQS, SNS, CloudFront
ISO 27001 is a widely-adopted global security standard that outlines the requirements for information security management systems.
IT-Grundschutz Compliance on Amazon Web Services is a new customer certification workbook that was developed and published by TÜV TRUST IT, an independent certification body. Unlike other certification credentials that apply exclusively to AWS, this workbook is a customer-focused certification enabler, providing a documentation framework to enable our customers to become certified for IT-Grundschutz on AWS.
Managing AWS Credentials
AWS Multi-factor authentication (MFA) provides an extra level of security for sign-in credentials. With MFA enabled, when a user signs in to an AWS website, they are prompted for their user name and password (the first factor: what they know) as well as for an authentication code from their MFA device (the second factor: what they have). You can also require MFA for users to delete S3 objects. We recommend you activate MFA for your AWS account and your IAM users to prevent unauthorized access to your AWS environment. Currently AWS supports Gemalto hardware MFA devices as well as virtual MFA devices in the form of smartphone applications.
MFA for API calls
An IAM role lets you define a set of permissions to access the resources that a user or service needs, but the permissions are not attached to a specific IAM user or group. Instead, IAM users, mobile and EC2-based applications, or AWS services (like Amazon EC2) can programmatically assume a role. Assuming the role returns temporary security credentials that the user or application can use to make programmatic requests to AWS. These temporary security credentials have a configurable expiration and are automatically rotated. Using IAM roles and temporary security credentials means you don't always have to manage long-term credentials and IAM users for each entity that requires access to a resource.
Dell research
The Conformity Beaver loves lists, and properly formatted ones at that. Conformity Beaver insists that you tag your resources correctly, or suffer the consequences. On the plus side, when you follow the Conformity Beaver's rules you will find that she can be a worthwhile ally towards understanding your usage patterns and AWS costs.
Janitor Beaver just wants a nice clean cloud to live in. Janitor Beaver keeps busy tagging resources and finding sources of waste like unused or underutilized resources. Trust me, he'll let you know all about the things he finds.
Security Beaver demands that we follow security best practices and will accept nothing less. When Security Beaver finds an issue he'll let everyone know about it and will keep reminding you about it until it's fixed.
He will search GitHub on your behalf to make sure that none of our AWS access keys show up anywhere within our source files or deployment scripts.
He will look at all of our users and make sure they're using MFA on their account.
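The key-leak check Security Beaver performs over source files and deployment scripts, written out as an added example (not code from the talk or from any Beaver tool); the sample script and every key value in it are constructed and fake.

```python
import re
from typing import List, Tuple

# Access key IDs are 20 characters: a 4-character prefix (AKIA = long-term
# IAM user key, ASIA = temporary STS key) followed by 16 uppercase alphanumerics.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 characters of base64-style text. Only flag them when they
# sit next to the well-known config name, which keeps false positives low.
SECRET_KEY_RE = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def mask(value: str) -> str:
    """Keep only a short prefix so the report itself does not re-leak the key."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, finding_kind, masked_value) for every credential found."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            kind = "long-term access key" if m.group(1) == "AKIA" else "temporary access key"
            findings.append((n, kind, mask(m.group(0))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((n, "secret access key", mask(m.group(1))))
    return findings


# Constructed sample deployment script; all values below are fake.
SAMPLE = """#!/bin/sh
# deploy.sh
export AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEY000001
export AWS_SECRET_ACCESS_KEY=c0nstructedSecretExampleKey/NotRealValue
aws s3 cp build.tgz s3://my-bucket/
# leftover from a debugging session with assumed-role credentials
# ASIATEMPORARYKEY0001
echo AKIA_is_not_a_key_here
"""

if __name__ == "__main__":
    for line_no, kind, value in scan_text(SAMPLE):
        print(f"line {line_no}: {kind}: {value}")
```

A hit on an ASIA key is worth reporting even though it expires: the session token that went with it is usually pasted right beside it.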
Miserly Beaver
Track and find anomalies in costs