AMAZON SERVICES - IAM
Eng. Ismail Anjrini
IDENTITY AND ACCESS MANAGEMENT (IAM)
• IAM is a feature of your AWS account offered at no additional charge
• You can create and manage AWS users and groups, and use permissions to allow
and deny their access to AWS resources
IAM IDENTITIES AND POLICIES
• Identities (who is making the request)
• Users
• Groups
• Roles
• Policies (what the identity or resource may do)
• AWS Managed Policies
• Customer Managed Policies
• Inline Policies
GROUPS
• A group is a collection of IAM users
• Use groups to specify permissions for a collection of users
• Any user in the group automatically has the permissions that are assigned to the group
• Note that a group is not truly an identity because it cannot be identified as a Principal in a permission policy; a resource-based policy or a role's trust policy cannot name a group
• A group can contain many users, and a user can belong to multiple groups
• Groups can't be nested; they can contain only users, not other groups
POLICIES
• A policy is an object in AWS that, when attached to an identity or resource, defines their permissions
• AWS evaluates these policies when a principal, such as a user, makes a request
• Policies are stored in AWS as JSON documents, attached either to identities or to resources
• Identity-Based Policies
• Identity-based policies are permission policies that you attach to a principal (or identity), such as an IAM user, role, or group
• Resource-Based Policies
• Resource-based policies are JSON policy documents that you attach to a resource such as an Amazon S3 bucket; unlike identity-based policies, they must name the allowed principals in a Principal element
JSON POLICIES
• The policy document includes the following most used elements:
• Effect: whether the policy allows or denies access
• Action: the list of actions that are allowed or denied by the policy
• Resource: the list of resources on which the actions can occur
• Condition (Optional): the circumstances under which the policy grants permission
JSON POLICIES - Version
• The Version element specifies the language syntax rules that are to be used to process this policy
• The Version element must appear before the Statement element
• The only allowed values are these:
• 2012-10-17. This is the current version of the policy language, and you should use this version number for all policies.
• 2008-10-17. This was an earlier version of the policy language. You might see this version on existing policies. Do not use this version for any new policies or any existing policies that you are updating.
• If you omit Version, the policy is processed with the 2008-10-17 rules; in particular, policy variables such as ${aws:username} are not expanded but treated as literal text, so a Resource built from one usually matches nothing
JSON POLICIES - Id
• The Id element specifies an optional identifier for the policy
• For services that let you set an ID element, we recommend you use a UUID (GUID)
for the value
JSON POLICIES - Statement
• The Statement element is the main element of a policy and is required
• It can hold a single statement or an array of statements
• Each individual statement is a JSON block enclosed in braces { }
JSON POLICIES - Sid
• The Sid (statement ID) is an optional identifier that you provide for the policy
statement
• Must be unique within a JSON policy
JSON POLICIES - Effect
• Is required and specifies whether the statement results in an allow or an explicit deny
• Valid values for Effect are Allow and Deny
• By default, access to resources is denied; a request is allowed only if some applicable statement allows it, and an explicit Deny in any applicable policy overrides every Allow
JSON POLICIES - Principal
• Use the Principal element to specify the user (IAM user, federated user, or assumed-role user), AWS account, AWS service, or other principal entity that is allowed or denied access to a resource
• Principal appears in resource-based policies and in a role's trust policy; identity-based policies have no Principal element because the identity the policy is attached to is the principal
• Specific AWS accounts: the account root ARN (arn:aws:iam::ACCOUNT_ID:root) or the 12-digit account ID; this delegates to that account, and an identity there still needs its own identity-based permission for the call
• Individual IAM user or users: the user ARN; IAM groups cannot be named as a Principal
• AWS service: a service principal such as ec2.amazonaws.com
• Everyone (anonymous users): the wildcard "*"; this makes the resource public and should be avoided or tightly constrained with a Condition
JSON POLICIES - NotPrincipal
• Very few scenarios require the use of NotPrincipal, and we recommend that you explore other authorization options before you decide to use NotPrincipal
• You can deny access to all principals except the one named in the NotPrincipal element ("Effect": "Deny")
• AWS strongly recommends against combining NotPrincipal with "Effect": "Allow"; when you use it with Deny, list both the user or role ARN and that account's root ARN, otherwise the policy might deny access to the entire account containing the principal
JSON POLICIES - Action
• Describes the specific action or actions that will be allowed or denied
• Statements must include either an Action or NotAction element
• Each AWS service has its own set of actions that describe tasks that you can perform
with that service
• You specify a value using a namespace that identifies a service (iam, ec2, sqs, sns, s3, etc.) followed by the name of the action to allow or deny, for example s3:GetObject; wildcards (*) are accepted and action names are matched case-insensitively
JSON POLICIES - NotAction
• NotAction element in a statement with "Effect": "Allow" provides access to all of the actions in an AWS service, except for the actions specified in NotAction
• For example, an Allow statement with NotAction s3:DeleteBucket on all Amazon S3 resources lets users perform every S3 action except deleting a bucket
• An Allow statement with NotAction iam:* on every resource lets users perform every action in every AWS service except IAM
• Be careful with NotAction and Allow: it matches every service and action that is not explicitly listed, including actions and services AWS adds after the policy is written, so it can grant far more than intended
JSON POLICIES - Resource
• Specifies the object or objects that the statement covers
• Statements must include either a Resource or a NotResource element
• You specify a resource using an ARN
JSON POLICIES - NotResource
• Element that explicitly matches everything except the specified list of resources
• Means that all of the resources, including the resources in all other services, that are not listed are allowed if you use the Allow effect, or are denied if you use the Deny effect
• For example, a Deny statement on s3:* whose NotResource lists one bucket path explicitly denies access to all Amazon S3 resources other than the listed resources
• Pairing NotResource with Allow is risky for the same reason as NotAction: every resource in every service that is not listed comes into scope
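The Effect, Action/NotAction and Resource/NotResource rules above are easiest to trust once you can watch them decide a request. The following Python is an added example written for this page, not code from the slides or from AWS: a small evaluator that applies those rules (default deny, explicit Deny wins, * and ? wildcards, NotAction and NotResource as set complements) and deliberately ignores Principal and Condition. The three policies it evaluates are constructed to mirror the NotAction and NotResource examples described on the slides; the HRBucket path is a placeholder.

```python
import fnmatch

# Added example: a minimal IAM policy evaluator covering Effect, Action/NotAction
# and Resource/NotResource with * and ? wildcards. It ignores Principal and
# Condition and is not AWS's engine; it makes the rules on this page observable.


def _as_list(value):
    """IAM lets most elements be a single string or an array; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """Action names are matched case-insensitively; * and ? are wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, resource):
    """Resource ARNs are matched case-sensitively; * and ? are wildcards."""
    return fnmatch.fnmatchcase(resource, pattern)


def statement_covers(stmt, action, resource):
    """True if the statement's Action/NotAction and Resource/NotResource both cover the request."""
    if "Action" in stmt:
        action_hit = any(_action_matches(p, action) for p in _as_list(stmt["Action"]))
    else:  # NotAction: every action except the listed ones
        action_hit = not any(_action_matches(p, action) for p in _as_list(stmt["NotAction"]))
    if "Resource" in stmt:
        resource_hit = any(_resource_matches(p, resource) for p in _as_list(stmt["Resource"]))
    else:  # NotResource: every resource, in every service, except the listed ones
        resource_hit = not any(_resource_matches(p, resource) for p in _as_list(stmt["NotResource"]))
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Return "Allow" or "Deny" for one request.

    Rules shown on this page: access is denied unless some statement allows it,
    and an explicit Deny overrides any Allow.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not statement_covers(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny always wins
            allowed = True
    return "Allow" if allowed else "Deny"


# Constructed policies (example data, not from the slides).
S3_EXCEPT_DELETE_BUCKET = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "NotAction": "s3:DeleteBucket",
                   "Resource": "arn:aws:s3:::*"}],
}
ALL_EXCEPT_IAM = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}],
}
DENY_S3_EXCEPT_PAYROLL = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:*",
                   "NotResource": ["arn:aws:s3:::HRBucket/Payroll",
                                   "arn:aws:s3:::HRBucket/Payroll/*"]}],
}

if __name__ == "__main__":
    print(evaluate([S3_EXCEPT_DELETE_BUCKET], "s3:DeleteBucket", "arn:aws:s3:::hr"))
    # NotAction with Allow also covers actions of services that did not exist
    # when the policy was written:
    print(evaluate([ALL_EXCEPT_IAM], "futureservice:DoAnything", "*"))
    print(evaluate([ALL_EXCEPT_IAM, DENY_S3_EXCEPT_PAYROLL], "s3:GetObject",
                   "arn:aws:s3:::HRBucket/Reports/q1.csv"))
```

The `futureservice:DoAnything` call is the NotAction-with-Allow caveat in concrete form: the "everything except IAM" policy allows an action of a service that does not exist, and it would allow it in a real account the day that service launches.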
JSON POLICIES - Condition
• The Condition element (or Condition block) lets you specify conditions for when a policy is in effect
• The Condition element is optional
• Every operator and key in the block must be satisfied (logical AND); when one key lists several values, any one of them satisfies a positive operator (logical OR), while a negated operator such as StringNotEquals requires the request value to differ from all of them
JSON POLICIES – String Condition Operators
• StringEquals
• StringNotEquals
• StringEqualsIgnoreCase
• StringNotEqualsIgnoreCase
• StringLike
• StringNotLike
JSON POLICIES – Numeric Condition Operators
• NumericEquals
• NumericNotEquals
• NumericLessThan
• NumericLessThanEquals
• NumericGreaterThan
• NumericGreaterThanEquals
JSON POLICIES – Date Condition Operators
• You use these condition operators with the aws:CurrentTime key or the aws:EpochTime key
• Specify date/time values either in one of the W3C ISO 8601 formats (for example 2024-01-01T00:00:00Z) or in epoch (UNIX) time
• DateEquals
• DateNotEquals
• DateLessThan
• DateLessThanEquals
• DateGreaterThan
• DateGreaterThanEquals
JSON POLICIES – Boolean Condition Operators
• Boolean conditions let you construct Condition elements that restrict access based on comparing a key to "true" or "false"
• Bool
JSON POLICIES – Binary Condition Operators
• The BinaryEquals condition operator lets you construct Condition elements that test key values that are in binary format
• It compares the value of the specified key byte for byte against a base-64 encoded representation of the binary value in the policy
JSON POLICIES – IP Address Condition Operators
• IP address condition operators let you construct Condition elements that restrict access based on comparing a key to an IPv4 or IPv6 address or range of IP addresses
• You use these with the aws:SourceIp key, which holds the caller's public IP address; for requests that arrive through a VPC endpoint the key is not available and aws:VpcSourceIp is used instead
• IpAddress
• NotIpAddress
JSON POLICIES – ARN Condition Operators
• ArnEquals
• ArnLike
• ArnNotEquals
• ArnNotLike
JSON POLICIES – …IfExists Condition Operators
• You can add IfExists to the end of any condition operator name except the Null
condition
• Example, StringLikeIfExists
• You do this to say "If the policy key is present in the context of the request, process the
key as specified in the policy
• If the key is not present, I don't care; don't fail the comparison because of its absence
• Many condition keys describe information about a certain type of resource and only
exist when accessing that type of resource
• These condition keys are not present on other types of resources
JSON POLICIES – …IfExists Condition Operators
• If the resource being checked has an "ec2:InstanceType" condition key, then allow
the action only if the key value begins with "t1.*", "t2.*", or "m3.*". If the resource
being checked does not have that condition key, then don't worry about it.
JSON POLICIES – Null Condition Operators
• Use a Null condition operator to check if a condition key is present at the time of authorization
• Use either true (the key doesn't exist, it is null) or false (the key exists and its value is not null)
JSON POLICIES – Tests Multiple Key Values
• You can use the ForAllValues or ForAnyValue qualifier with the condition operator
• ForAnyValue
• The condition returns true if any one of the key values in the request matches any one of the condition values in the policy
• ForAllValues
• The condition returns true if there's a match between every one of the specified key values in the request and at least one value in the policy
• Caution: ForAllValues also returns true when the key is absent from the request (an empty set matches vacuously), so a ForAllValues condition on an Allow statement can be more permissive than intended; add a Null check with false for the key, or use the qualifier with Deny
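The operators listed from the string family through the ForAllValues qualifier all act on a request context that either carries a key, carries it with several values, or lacks it entirely, and those three cases behave differently for IfExists, Null and the set qualifiers. The following Python is an added example, not the slides' content or AWS's engine: it evaluates a Condition block against a context dictionary, implementing the operator families above, the …IfExists suffix, the Null operator and the ForAnyValue/ForAllValues qualifiers. The condition blocks and request contexts at the bottom are constructed sample data (documentation IP ranges, arbitrary dates); the ec2:InstanceType block is the one described on the IfExists slide.

```python
import datetime
import fnmatch
import ipaddress

# Added example: a Condition-block evaluator. Not AWS's engine; it exists so the
# presence/absence/multi-value cases on this page can be exercised offline.

# A negated operator passes when the positive operator matches none of the values.
_NEGATED = {
    "StringNotEquals": "StringEquals",
    "StringNotEqualsIgnoreCase": "StringEqualsIgnoreCase",
    "StringNotLike": "StringLike",
    "ArnNotEquals": "ArnEquals",
    "ArnNotLike": "ArnLike",
    "NumericNotEquals": "NumericEquals",
    "DateNotEquals": "DateEquals",
    "NotIpAddress": "IpAddress",
}
_ORDER = {
    "Equals": lambda a, b: a == b,
    "LessThan": lambda a, b: a < b,
    "LessThanEquals": lambda a, b: a <= b,
    "GreaterThan": lambda a, b: a > b,
    "GreaterThanEquals": lambda a, b: a >= b,
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _to_epoch(text):
    """Date keys accept ISO 8601 (aws:CurrentTime) or epoch seconds (aws:EpochTime)."""
    if text.isdigit():
        return int(text)
    return int(datetime.datetime.fromisoformat(text.replace("Z", "+00:00")).timestamp())


def _positive(op, policy_values, value):
    """One positive operator against one request value; True if any policy value matches (OR)."""
    if op in ("StringEquals", "ArnEquals", "BinaryEquals"):
        return value in policy_values
    if op in ("StringEqualsIgnoreCase", "Bool"):
        return value.lower() in [p.lower() for p in policy_values]
    if op in ("StringLike", "ArnLike"):
        return any(fnmatch.fnmatchcase(value, p) for p in policy_values)
    if op.startswith("Numeric"):
        return any(_ORDER[op[7:]](float(value), float(p)) for p in policy_values)
    if op.startswith("Date"):
        return any(_ORDER[op[4:]](_to_epoch(value), _to_epoch(p)) for p in policy_values)
    if op == "IpAddress":
        addr = ipaddress.ip_address(value)  # v4 address is never "in" a v6 network and vice versa
        return any(addr in ipaddress.ip_network(p, strict=False) for p in policy_values)
    raise ValueError("unsupported operator: " + op)


def condition_matches(condition, context):
    """Evaluate a Condition block against a request context.

    context maps condition-key name -> string, or -> list of strings for a
    multivalued key such as aws:TagKeys. A key missing from the dict is missing
    from the request. All operators and keys must pass (logical AND).
    """
    for raw_op, pairs in condition.items():
        qualifier, op = None, raw_op
        if op.startswith(("ForAnyValue:", "ForAllValues:")):
            qualifier, op = op.split(":", 1)
        if_exists = op.endswith("IfExists")
        if if_exists:
            op = op[:-len("IfExists")]
        negate = op in _NEGATED
        base = _NEGATED.get(op, op)
        for key, policy_values in pairs.items():
            policy_values = [str(p) for p in _as_list(policy_values)]
            present = key in context and context[key] not in (None, "", [])
            if base == "Null":
                # "true" means the key must be absent, "false" means it must be present
                if present == (policy_values[0].lower() == "true"):
                    return False
                continue
            if not present:
                if if_exists:
                    continue  # absent key: skip the comparison rather than fail it
                if qualifier == "ForAllValues":
                    continue  # empty request set matches vacuously (the Allow caveat)
                return False  # absent key: the condition is not met
            request_values = [str(v) for v in _as_list(context[key])]
            results = [_positive(base, policy_values, v) != negate for v in request_values]
            if not (any(results) if qualifier == "ForAnyValue" else all(results)):
                return False
    return True


# Constructed Condition blocks (example data, not from the slides).
INSTANCE_TYPE_IF_EXISTS = {"StringLikeIfExists": {"ec2:InstanceType": ["t1.*", "t2.*", "m3.*"]}}
OFFICE_RANGES = {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24", "2001:db8::/32"]}}
MFA_PRESENT = {"Null": {"aws:MultiFactorAuthAge": "false"}}
ONLY_THESE_TAG_KEYS = {"ForAllValues:StringEquals": {"aws:TagKeys": ["env", "team"]}}
ANY_OF_THESE_TAG_KEYS = {"ForAnyValue:StringEquals": {"aws:TagKeys": ["env", "team"]}}
AFTER_CUTOVER = {"DateGreaterThanEquals": {"aws:CurrentTime": "2024-01-01T00:00:00Z"}}

if __name__ == "__main__":
    print(condition_matches(INSTANCE_TYPE_IF_EXISTS, {}))               # no key: IfExists skips it
    print(condition_matches(ONLY_THESE_TAG_KEYS, {}))                   # no key: vacuous match
    print(condition_matches(ANY_OF_THESE_TAG_KEYS, {}))                 # no key: fails
    print(condition_matches(OFFICE_RANGES, {"aws:SourceIp": "198.51.100.1"}))
```

The three `print` calls with an empty context are the point of the example: the same missing key is skipped by IfExists, satisfied by ForAllValues and rejected by ForAnyValue, which is why a ForAllValues condition on an Allow statement needs the companion Null check the slide mentions.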
AWS Global and IAM Condition Context Keys
• Available Global Condition Keys
• AWS provides predefined condition keys for all AWS services that support IAM for access control
• Available Keys for IAM
• You can use condition keys in policies that control access to IAM resources
• Available Keys for Web Identity Federation
• If you are using web identity federation to give temporary security credentials to users who have been
authenticated using an identity provider (IdP) such as Login with Amazon, Amazon Cognito, Google, or
Facebook, additional condition keys are available when the temporary security credentials are used to
make a request. These keys let you write policies that make sure that federated users can get access only to
resources that are associated with a specific provider, app, or user.
• Available Keys for SAML-Based Federation
AWS Service Actions and Condition Context Keys
• https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actionsconditions.html
AWS MANAGED POLICIES
• An AWS managed policy is a standalone policy that is created and administered by AWS
• Standalone policy means that the policy has its own Amazon Resource Name (ARN) that includes the policy name
• arn:aws:iam::aws:policy/AdministratorAccess
• Are designed to provide permissions for many common use cases
• You cannot edit them; AWS updates them as services add actions, so review what a broad one such as AdministratorAccess grants before attaching it outside break-glass or sandbox use
• https://console.aws.amazon.com/iam/home#/policies
AWS INLINE POLICIES
• An inline policy is a policy that's embedded in a principal entity (a user, group, or role)
• You can create a policy and embed it in a principal entity, either when you create the principal entity or later
• An inline policy is a strict one-to-one relationship: it is deleted with its principal and cannot be reused or reviewed in one place, so prefer managed policies except where a permission must never be shared
AWS CUSTOMER MANAGED POLICIES
• Standalone policies that you administer in your own AWS account
• You can attach the policies to multiple principal entities in your AWS account
• A great way to create a customer managed policy is to start by copying an existing
AWS managed policy
ROLES
• An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS
• Unlike a user, a role has no long-term credentials; whoever assumes it receives temporary security credentials from AWS STS that expire
• You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources
• Grant users in one AWS account access to resources in another account
• Allow a mobile app to use AWS resources, but not want to embed AWS keys within the app
ROLES - COMMON SCENARIOS
• Generally, we have two ways to use a role: interactively in the IAM console, or
programmatically with the AWS CLI, Tools for Windows PowerShell, or API
• IAM users in your account using the IAM console can switch to a role to temporarily
use the permissions of the role in the console. The users give up their original
permissions and take on the permissions assigned to the role. When the users exit
the role, their original permissions are restored
• An application or a service offered by AWS (like Amazon EC2) can assume a role by
requesting temporary security credentials for a role with which to make
programmatic requests to AWS
ROLES - COMMON SCENARIOS
• Providing Access to an IAM User in Another AWS Account That You Own
• Providing Access to AWS Accounts Owned by Third Parties
• Providing Access to an AWS Service
• Providing Access to Externally Authenticated Users (Identity Federation)
ROLES FOR ANOTHER AWS ACCOUNT
• You create a role for this purpose
• Specify the accounts by ID whose users need access in the Principal element of the role's trust policy
• Grant specific users in those other accounts permission to switch to the role (an identity-based policy allowing sts:AssumeRole on the role's ARN)
• A user in one account can switch to a role in the same or a different account
• While using the role, the user can perform only the actions and access only the resources permitted by the role
• When the user exits the role, the original user permissions are restored
ROLES FOR ANOTHER AWS ACCOUNT
• Using Separate Development and Production Accounts
SWITCH ROLE
• Role sign-in link (copy it from the role's page in the IAM console)
• https://signin.aws.amazon.com/switchrole?roleName=ROLE_NAME&account=ACCOUNT_ID
• Switch permission: both sides must agree. The role's trust policy must name the user's account (or the user) as Principal, and the user's identity-based policy must allow sts:AssumeRole on the role's ARN
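The trust policy and the switch permission are the two halves of cross-account access, and the trust policy is where the common mistakes live. The following Python is an added example, not the slides' content or an AWS tool: it audits a role's trust policy for a wildcard principal, for a foreign account trusted without an sts:ExternalId condition, and for a service principal trusted without aws:SourceArn or aws:SourceAccount (the confused-deputy mitigations AWS documents), then builds the identity-side sts:AssumeRole permission and the switch-role link from the slide. The account IDs are documentation-style placeholders, the role name is invented, and the external ID value is hypothetical.

```python
import json
from urllib.parse import urlencode

# Added example: trust-policy checks plus the two "switch permission" artefacts.
# Not AWS tooling; account IDs are placeholders and the external ID is hypothetical.


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principals(principal):
    """Flatten the Principal element into (kind, value) pairs; a bare "*" means anyone."""
    if principal == "*":
        return [("AWS", "*")]
    return [(kind, v) for kind, vals in principal.items() for v in _as_list(vals)]


def _account_of(aws_principal):
    """Account ID from a bare 12-digit ID or from an ARN (arn:partition:service:region:account:...)."""
    if aws_principal.isdigit():
        return aws_principal
    parts = aws_principal.split(":")
    return parts[4] if len(parts) > 4 else ""


def _condition_keys(stmt):
    """Every condition key named in the statement, regardless of operator."""
    return {key for pairs in stmt.get("Condition", {}).values() for key in pairs}


def audit_trust_policy(trust_policy, own_account):
    """Return a list of findings; an empty list means these checks found nothing."""
    findings = []
    for i, stmt in enumerate(_as_list(trust_policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        keys = _condition_keys(stmt)
        for kind, value in _principals(stmt.get("Principal", {})):
            if kind == "AWS" and value == "*":
                findings.append(f"statement {i}: Principal * lets any AWS account assume the role")
            elif kind == "AWS" and _account_of(value) != own_account and "sts:ExternalId" not in keys:
                findings.append(f"statement {i}: account {_account_of(value)} is trusted without "
                                "sts:ExternalId (confused-deputy risk if it acts for several customers)")
            elif kind == "Service" and not keys & {"aws:SourceArn", "aws:SourceAccount"}:
                findings.append(f"statement {i}: service {value} is trusted without "
                                "aws:SourceArn/aws:SourceAccount")
    return findings


def assume_role_permission(role_arn):
    """Identity-based policy a user in the trusted account needs in order to switch to the role."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": role_arn}]}


def switch_role_url(account_id, role_name):
    """The console switch-role link from the slide, with its two parameters URL-encoded."""
    return "https://signin.aws.amazon.com/switchrole?" + urlencode(
        {"roleName": role_name, "account": account_id})


# Constructed trust policies (example data, not from the slides).
OWN_ACCOUNT = "111122223333"
THIRD_PARTY = "444455556666"

WEAK_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}],
}
HARDENED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{THIRD_PARTY}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-0001"}},  # hypothetical
    }],
}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_TRUST), ("hardened", HARDENED_TRUST)):
        print(name, audit_trust_policy(policy, OWN_ACCOUNT) or "no findings")
    print(json.dumps(assume_role_permission(f"arn:aws:iam::{OWN_ACCOUNT}:role/ReadOnlyForPartner"), indent=2))
    print(switch_role_url(OWN_ACCOUNT, "ReadOnlyForPartner"))
```

The service-principal check is deliberately broad: scope it to the services that populate aws:SourceArn and aws:SourceAccount in your environment, and treat an sts:ExternalId condition written with an IfExists operator as absent, since a caller that omits the key would then pass.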

Adele Miller
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 

Recently uploaded (20)

top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 

Amazon services iam

AMAZON SERVICES - IAM
Eng. Ismail Anjrini

IDENTITY AND ACCESS MANAGEMENT (IAM)
• IAM is a feature of your AWS account offered at no additional charge
• You can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources

IAM IDENTITIES
• Groups
• Policies
• Managed Policies
• Inline Policies
• Customer Policies
• Roles
• Users

GROUPS
• A group is a collection of IAM users
• Use groups to specify permissions for a collection of users
• Any user in the group automatically has the permissions that are assigned to the group
• Note that a group is not truly an identity because it cannot be identified as a Principal in a permission policy
• A group can contain many users, and a user can belong to multiple groups
• Groups can't be nested; they can contain only users, not other groups

POLICIES
• A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions
• AWS evaluates these policies when a principal, such as a user, makes a request
• Policies are stored in AWS as JSON documents attached to principals
• Identity-Based Policies
• Identity-based policies are permission policies that you can attach to a principal (or identity), such as an IAM user, role, or group
• Resource-Based Policies
• Resource-based policies are JSON policy documents that you attach to a resource such as an Amazon S3 bucket

JSON POLICIES
• The policy document includes the following most used elements:
• Effect: whether the policy allows or denies access
• Action: the list of actions that are allowed or denied by the policy
• Resource: the list of resources on which the actions can occur
• Condition (Optional): the circumstances under which the policy grants permission

JSON POLICIES - Version
• The Version element specifies the language syntax rules that are to be used to process this policy
• The Version element must appear before the Statement element
• The only allowed values are these:
• 2012-10-17. This is the current version of the policy language, and you should use this version number for all policies.
• 2008-10-17. This was an earlier version of the policy language. You might see this version on existing policies. Do not use this version for any new policies or any existing policies that you are updating.

JSON POLICIES - Id
• The Id element specifies an optional identifier for the policy
• For services that let you set an ID element, we recommend you use a UUID (GUID) for the value

JSON POLICIES - Statement
• The Statement element is the main element for a policy and is required
• Can include multiple elements
• Contains an array of individual statements; each individual statement is a JSON block enclosed in braces { }

JSON POLICIES - Sid
• The Sid (statement ID) is an optional identifier that you provide for the policy statement
• Must be unique within a JSON policy

JSON POLICIES - Effect
• The Effect element is required and specifies whether the statement results in an allow or an explicit deny
• Valid values for Effect are Allow and Deny
• By default, access to resources is denied
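As an added example (not from the slides), a small Python linter that checks a policy document against the structural rules the slides state: the two allowed Version values (and that only 2012-10-17 should be used), a required Statement, Sid uniqueness, valid Effect values, and that each statement carries exactly one of Action/NotAction and, when it has no Principal (identity-based), a Resource or NotResource. The sample policies, bucket names and account ID are constructed.

```python
"""Added example (not from the slides): lint an IAM JSON policy document
against the structural rules the slides state for Version, Statement, Sid,
Effect, Action/NotAction and Resource/NotResource."""
import json

ALLOWED_VERSIONS = {"2012-10-17", "2008-10-17"}
VALID_EFFECTS = {"Allow", "Deny"}


def lint_policy(doc: str) -> list:
    """Return the list of findings; an empty list means the document passes."""
    try:
        policy = json.loads(doc)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    findings = []
    # Version: only two values exist, and only 2012-10-17 should be used.
    version = policy.get("Version")
    if version is None:
        findings.append('Version missing: add "Version": "2012-10-17"')
    elif version not in ALLOWED_VERSIONS:
        findings.append(f"Version {version!r} is not an allowed value")
    elif version == "2008-10-17":
        findings.append("Version 2008-10-17 is outdated; use 2012-10-17")
    # Statement is required; AWS accepts one object or an array, so normalise.
    statements = policy.get("Statement")
    if statements is None:
        return findings + ["Statement element is required"]
    if isinstance(statements, dict):
        statements = [statements]
    seen_sids = set()
    for i, st in enumerate(statements):
        where = f"Statement[{i}]"
        sid = st.get("Sid")
        if sid is not None:                        # Sid is optional but must be unique
            if sid in seen_sids:
                findings.append(f"{where}: duplicate Sid {sid!r}")
            seen_sids.add(sid)
        if st.get("Effect") not in VALID_EFFECTS:  # case-sensitive: Allow / Deny
            findings.append(f"{where}: Effect must be Allow or Deny")
        if ("Action" in st) == ("NotAction" in st):
            findings.append(f"{where}: exactly one of Action or NotAction is required")
        has_principal = "Principal" in st or "NotPrincipal" in st
        if "Resource" in st and "NotResource" in st:
            findings.append(f"{where}: Resource and NotResource cannot both appear")
        elif not has_principal and "Resource" not in st and "NotResource" not in st:
            findings.append(f"{where}: identity-based statement needs Resource or NotResource")
    return findings


# Constructed identity-based policy that follows every rule above.
GOOD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ListBuckets", "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Sid": "NoBucketDelete", "Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "arn:aws:s3:::*"}
  ]
}"""

# Constructed role trust policy: resource-based (has a Principal), so no Resource element.
TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}
}"""

# Constructed policy containing the mistakes the rules catch.
BAD_POLICY = """{
  "Version": "2008-10-17",
  "Statement": [
    {"Sid": "Dup", "Effect": "allow", "Action": "s3:GetObject", "NotAction": "s3:*", "Resource": "*"},
    {"Sid": "Dup", "Effect": "Deny", "Action": "iam:*"}
  ]
}"""
```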
JSON POLICIES - Principal
• Use the Principal element to specify the user (IAM user, federated user, or assumed-role user), AWS account, AWS service, or other principal entity that is allowed or denied access to a resource
• Specific AWS accounts

JSON POLICIES - Principal
• Individual IAM user or users

JSON POLICIES - Principal

JSON POLICIES - Principal
• AWS service
• Everyone (anonymous users)

JSON POLICIES - Principal
• Very few scenarios require the use of NotPrincipal, and we recommend that you explore other authorization options before you decide to use NotPrincipal
• You can deny access to all principals except the one named in the NotPrincipal element

JSON POLICIES - Action
• Describes the specific action or actions that will be allowed or denied
• Statements must include either an Action or a NotAction element
• Each AWS service has its own set of actions that describe tasks that you can perform with that service
• You specify a value using a namespace that identifies a service (iam, ec2, sqs, sns, s3, etc.) followed by the name of the action to allow or deny

JSON POLICIES - NotAction
• The NotAction element in a statement with "Effect": "Allow" provides access to all of the actions in an AWS service, except for the actions specified in NotAction
• The following example allows users to access all of the actions in every Amazon S3 resource except for deleting a bucket.
• The following example allows users to access every action in every AWS service except for IAM.

JSON POLICIES - Resource
• Specifies the object or objects that the statement covers
• Statements must include either a Resource or a NotResource element
• You specify a resource using an ARN

JSON POLICIES - NotResource
• Element that explicitly matches everything except the specified list of resources
• Means that all of the resources, including the resources in all other services, that are not listed are allowed if you use the Allow effect, or are denied if you use the Deny effect
• The following policy explicitly denies access to all Amazon S3 resources other than the listed resources
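As an added example (not from the slides), a minimal Python evaluator for the Effect, Action/NotAction and Resource/NotResource elements, showing the default deny, the explicit-deny-wins rule and wildcard matching; the three policies encode, as JSON-shaped dicts, the examples the NotAction and NotResource slides describe in words. Conditions are out of scope here, and the bucket names and account ID are constructed.

```python
"""Added example (not from the slides): a minimal evaluator for the Effect,
Action/NotAction and Resource/NotResource elements, showing default deny,
explicit-deny-wins and IAM-style wildcard matching. No Condition support."""
from fnmatch import fnmatchcase


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case):
    # IAM wildcards: * matches any run of characters, ? matches one character.
    # Action names are matched case-insensitively, ARNs case-sensitively.
    norm = (lambda s: s.lower()) if fold_case else (lambda s: s)
    return any(fnmatchcase(norm(value), norm(p)) for p in _as_list(patterns))


def _statement_applies(st, action, resource):
    """True when the statement's action and resource filters both cover the request."""
    if "Action" in st:
        if not _matches(st["Action"], action, True):
            return False
    elif _matches(st["NotAction"], action, True):       # NotAction: all except these
        return False
    if "Resource" in st:
        if not _matches(st["Resource"], resource, False):
            return False
    elif _matches(st["NotResource"], resource, False):  # NotResource: all except these
        return False
    return True


def evaluate(policies, action, resource):
    """Decide one request against all identity-based policies of the principal."""
    decision = "Deny"                  # by default, access to resources is denied
    for policy in policies:
        for st in _as_list(policy["Statement"]):
            if not _statement_applies(st, action, resource):
                continue
            if st["Effect"] == "Deny":
                return "Deny"          # an explicit Deny overrides any Allow
            decision = "Allow"
    return decision


# Constructed policies mirroring the examples the slides describe in words.
S3_ALL_BUT_DELETE_BUCKET = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "NotAction": "s3:DeleteBucket", "Resource": "arn:aws:s3:::*"}]}

EVERYTHING_BUT_IAM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}

DENY_S3_EXCEPT_LISTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:*",
     "NotResource": ["arn:aws:s3:::public-bucket", "arn:aws:s3:::public-bucket/*"]}]}

if __name__ == "__main__":
    pols = [EVERYTHING_BUT_IAM, DENY_S3_EXCEPT_LISTED]
    for act, res in [("ec2:StartInstances", "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc"),
                     ("iam:CreateUser", "arn:aws:iam::123456789012:user/alice"),
                     ("s3:GetObject", "arn:aws:s3:::secret-bucket/report.csv"),
                     ("s3:GetObject", "arn:aws:s3:::public-bucket/index.html")]:
        print(f"{act:20} {res:60} -> {evaluate(pols, act, res)}")
```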
JSON POLICIES - Condition
• The Condition element (or Condition block) lets you specify conditions for when a policy is in effect
• The Condition element is optional

JSON POLICIES – String Condition Operators
• StringEquals
• StringNotEquals
• StringEqualsIgnoreCase
• StringNotEqualsIgnoreCase
• StringLike
• StringNotLike

JSON POLICIES – Numeric Condition Operators
• NumericEquals
• NumericNotEquals
• NumericLessThan
• NumericLessThanEquals
• NumericGreaterThan
• NumericGreaterThanEquals

JSON POLICIES – Date Condition Operators
• You use these condition operators with the aws:CurrentTime key or the aws:EpochTime key
• You must specify date/time values in epoch (UNIX) time
• DateEquals
• DateNotEquals
• DateLessThan
• DateLessThanEquals
• DateGreaterThan
• DateGreaterThanEquals

JSON POLICIES – Boolean Condition Operators
• Boolean conditions let you construct Condition elements that restrict access based on comparing a key to "true" or "false"
• Bool

JSON POLICIES – Binary Condition Operators
• The BinaryEquals condition operator lets you construct Condition elements that test key values that are in binary format
• It compares the value of the specified key byte for byte against a base-64 encoded representation of the binary value in the policy

JSON POLICIES – IP Address Condition Operators
• IP address condition operators let you construct Condition elements that restrict access based on comparing a key to an IPv4 or IPv6 address or range of IP addresses
• You use these with the aws:SourceIp key
• IpAddress
• NotIpAddress

JSON POLICIES – ARN Condition Operators
• ArnEquals
• ArnLike
• ArnNotEquals
• ArnNotLike

JSON POLICIES – …IfExists Condition Operators
• You can add IfExists to the end of any condition operator name except the Null condition
• For example, StringLikeIfExists
• You do this to say "If the policy key is present in the context of the request, process the key as specified in the policy. If the key is not present, I don't care; don't fail the comparison because of its absence"
• Many condition keys describe information about a certain type of resource and only exist when accessing that type of resource
• These condition keys are not present on other types of resources

JSON POLICIES – …IfExists Condition Operators
• If the resource being checked has an "ec2:InstanceType" condition key, then allow the action only if the key value begins with "t1.*", "t2.*", or "m3.*". If the resource being checked does not have that condition key, then don't worry about it.

JSON POLICIES – Null Condition Operators
• Use a Null condition operator to check if a condition key is present at the time of authorization
• Use either true (the key doesn't exist, it is null) or false (the key exists and its value is not null)

JSON POLICIES – Tests Multiple Key Values
• You can use the ForAllValues or ForAnyValue qualifier with the condition operator
• ForAnyValue
• The condition returns true if any one of the key values in the request matches any one of the condition values in the policy
• ForAllValues
• The condition returns true if there's a match between every one of the specified key values in the request and at least one value in the policy
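As an added example (not from the slides), a Python evaluation of an IAM Condition block covering the String, Numeric, Bool, IpAddress and Null operators from the slides above, the …IfExists suffix (using the slides' ec2:InstanceType case) and the ForAnyValue/ForAllValues qualifiers; Date, Binary and ARN operators are left out. The aws:SourceIp, aws:TagKeys and aws:MultiFactorAuthAge keys are real global condition keys; the condition blocks and request contexts are constructed, and the handling of an absent key without IfExists is a simplification.

```python
"""Added example (not from the slides): evaluation of an IAM Condition block
for the String, Numeric, Bool, IpAddress and Null operators, the ...IfExists
suffix and the ForAnyValue / ForAllValues qualifiers."""
import ipaddress
from fnmatch import fnmatchcase

# Positive operators only; the Not... forms are derived by negating these.
BASE_OPS = {
    "StringEquals": lambda v, p: v == p,
    "StringEqualsIgnoreCase": lambda v, p: v.lower() == p.lower(),
    "StringLike": lambda v, p: fnmatchcase(v, p),            # * and ? wildcards
    "NumericEquals": lambda v, p: float(v) == float(p),
    "NumericLessThan": lambda v, p: float(v) < float(p),
    "NumericLessThanEquals": lambda v, p: float(v) <= float(p),
    "NumericGreaterThan": lambda v, p: float(v) > float(p),
    "NumericGreaterThanEquals": lambda v, p: float(v) >= float(p),
    "Bool": lambda v, p: str(v).lower() == str(p).lower(),
    "IpAddress": lambda v, p: ipaddress.ip_address(v)
                              in ipaddress.ip_network(p, strict=False),
}


def _single(base, negate, request_value, policy_values):
    # A value matches if it satisfies any policy value; Not... inverts the result,
    # so StringNotEquals with a list means "equal to none of them".
    return any(BASE_OPS[base](request_value, p) for p in policy_values) != negate


def _one_condition(operator, key, policy_values, ctx):
    qualifier, _, name = operator.rpartition(":")    # "" / ForAnyValue / ForAllValues
    if_exists = name.endswith("IfExists")
    name = name[: -len("IfExists")] if if_exists else name
    present = key in ctx
    if name == "Null":                               # "true": key must be absent
        return present != (str(policy_values[0]).lower() == "true")
    negate = "Not" in name
    base = name.replace("Not", "", 1)
    if not present:
        # Absent key: IfExists says "do not fail because of its absence". A missing
        # key also satisfies ForAllValues (vacuously true), which is why ForAllValues
        # with Allow needs care. Otherwise the comparison fails (simplified model).
        return if_exists or qualifier == "ForAllValues"
    values = ctx[key] if isinstance(ctx[key], list) else [ctx[key]]
    if qualifier == "ForAllValues":
        return all(_single(base, negate, v, policy_values) for v in values)
    if qualifier == "ForAnyValue":
        return any(_single(base, negate, v, policy_values) for v in values)
    return _single(base, negate, values[0], policy_values)


def condition_matches(condition, ctx):
    """A Condition block is satisfied only if every operator and key matches."""
    for operator, keys in condition.items():
        for key, policy_values in keys.items():
            values = policy_values if isinstance(policy_values, list) else [policy_values]
            if not _one_condition(operator, key, values, ctx):
                return False
    return True


# The slides' ...IfExists example: non-instance resources carry no ec2:InstanceType.
INSTANCE_TYPE_COND = {"StringLikeIfExists": {"ec2:InstanceType": ["t1.*", "t2.*", "m3.*"]}}
# Constructed: request must come from one of two ranges (documentation-only prefixes).
SOURCE_IP_COND = {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24", "2001:db8::/32"]}}
# Constructed: every tag key supplied in the request must be on the approved list.
TAG_KEYS_COND = {"ForAllValues:StringEquals": {"aws:TagKeys": ["Owner", "CostCenter"]}}
# Constructed: Null "false" requires the key to be present (MFA used), and recently.
MFA_COND = {"Null": {"aws:MultiFactorAuthAge": "false"},
            "NumericLessThan": {"aws:MultiFactorAuthAge": "3600"}}
```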
AWS Global and IAM Condition Context Keys
• Available Global Condition Keys
• AWS provides predefined condition keys for all AWS services that support IAM for access control
• Available Keys for IAM
• You can use condition keys in policies that control access to IAM resources
• Available Keys for Web Identity Federation
• If you are using web identity federation to give temporary security credentials to users who have been authenticated using an identity provider (IdP) such as Login with Amazon, Amazon Cognito, Google, or Facebook, additional condition keys are available when the temporary security credentials are used to make a request. These keys let you write policies that make sure that federated users can get access only to resources that are associated with a specific provider, app, or user.
• Available Keys for SAML-Based Federation

AWS Service Actions and Condition Context Keys
• https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actionsconditions.html

AWS MANAGED POLICIES
• An AWS managed policy is a standalone policy that is created and administered by AWS
• Standalone policy means that the policy has its own Amazon Resource Name (ARN) that includes the policy name
• arn:aws:iam::aws:policy/AdministratorAccess
• AWS managed policies are designed to provide permissions for many common use cases
• https://console.aws.amazon.com/iam/home#/policies

AWS INLINE POLICIES
• An inline policy is a policy that's embedded in a principal entity (a user, group, or role)
• You can create a policy and embed it in a principal entity, either when you create the principal entity or later

AWS CUSTOMER MANAGED POLICIES
• Standalone policies that you administer in your own AWS account
• You can attach the policies to multiple principal entities in your AWS account
• A great way to create a customer managed policy is to start by copying an existing AWS managed policy

ROLES
• An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS
• You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources
• Grant users in one AWS account access to resources in another account
• Allow a mobile app to use AWS resources without embedding AWS keys within the app

ROLES - COMMON SCENARIOS
• Generally, we have two ways to use a role: interactively in the IAM console, or programmatically with the AWS CLI, Tools for Windows PowerShell, or API
• IAM users in your account using the IAM console can switch to a role to temporarily use the permissions of the role in the console. The users give up their original permissions and take on the permissions assigned to the role. When the users exit the role, their original permissions are restored
• An application or a service offered by AWS (like Amazon EC2) can assume a role by requesting temporary security credentials for a role with which to make programmatic requests to AWS

ROLES - COMMON SCENARIOS
• Providing Access to an IAM User in Another AWS Account That You Own
• Providing Access to AWS Accounts Owned by Third Parties
• Providing Access to an AWS Service
• Providing Access to Externally Authenticated Users (Identity Federation)

ROLES FOR ANOTHER AWS ACCOUNT
• You create a role for this purpose
• Specify the accounts by ID whose users need access in the Principal element of the role's trust policy
• Grant specific users in those other accounts permissions to switch to the role
• A user in one account can switch to a role in the same or a different account
• While using the role, the user can perform only the actions and access only the resources permitted by the role
• When the user exits the role, the original user permissions are restored

ROLES FOR ANOTHER AWS ACCOUNT
• Using Separate Development and Production Accounts

SWITCH ROLE
• Role sign-in link (get it from the role page)
• https://signin.aws.amazon.com/switchrole?roleName=ROLE_NAME&account=ACCOUNT_ID
• Switch permission