ACCESSING AWS
• AWS Management Console
• AWS Command Line Tools - to issue commands at your system's command line to perform IAM and AWS tasks (AWS CLI and AWS Tools for Windows PowerShell)
• AWS SDKs - AWS provides SDKs (software development kits) that consist of libraries and sample code for various programming languages and platforms (Java, Python, Ruby, .NET, iOS, Android, etc.)
• Calling the IAM API using HTTP query requests
IDENTITY AND ACCESS MANAGEMENT
• Centralized control of your AWS account; IAM is universal (not tied to a Region)
• Shared access and granular permissions
• Identity Federation
• MFA – Multi Factor Authentication
• Password rotation policy
• Integration with different AWS services - Roles
• PCI DSS Compliance - Payment Card Industry (PCI) Data Security Standard (DSS)
• Root Account – the account created first
• New users – no permissions by default
• Users have an access key ID and a secret access key, used to access AWS resources via the APIs and CLI
GROUPS AND USERS
IAM Resource Limits
Resource                                                                Limit
Access keys assigned to an IAM user                                     2
Access keys assigned to the AWS account root user                       2
Aliases for an AWS account                                              1
Groups an IAM user can be a member of                                   10
IAM users in a group                                                    Equal to the user quota for the account
Users in an AWS account                                                 5000
Identity providers (IdPs) associated with an IAM SAML provider object   10
Keys per SAML provider                                                  10
Login profiles for an IAM user                                          1
Managed policies attached to an IAM group                               10
Permissions boundaries for an IAM user                                  1
Permissions boundaries for an IAM role                                  1
MFA devices in use by an IAM user                                       1
MFA devices in use by the AWS account root user                         1
Roles in an instance profile                                            1
SAML providers in an AWS account                                        100
Signing certificates assigned to an IAM user                            2
SSH public keys assigned to an IAM user                                 5
Tags that can be attached to an IAM role                                50
Tags that can be attached to an IAM user                                50
Versions of a managed policy that can be stored                         5
MFA – MULTI FACTOR AUTHENTICATION
• Virtual MFA devices - A software app that runs on a phone or other mobile device and emulates a physical device.
• U2F security key - A device that you plug into a USB port on your computer. U2F is an open authentication standard hosted by the FIDO Alliance. When you enable a U2F security key, you sign in by entering your credentials and then tapping the device instead of manually entering a code.
• Hardware MFA device - A hardware device that generates a six-digit numeric code based upon a time-synchronized one-time password algorithm.
PASSWORD POLICY
POLICIES AND ROLES
• If you manage a single account in AWS, then you define the permissions within that account using policies.
• If you manage permissions across multiple accounts, it is more difficult to manage permissions for your users.
• You can use IAM roles, resource-based policies, or access control lists (ACLs) for cross-account permissions.
IDENTITY BASED POLICIES
Identity-based policies control what actions the identity can perform, on which resources, and under what conditions. Identity-based policies can be further categorized:
– Managed policies – Standalone identity-based policies that you can attach to multiple users, groups, and roles in your AWS account. You can use two types of managed policies:
• AWS managed policies – Managed policies that are created and managed by AWS.
• Customer managed policies – Managed policies that you create and manage in your AWS account. Customer managed policies provide more precise control over your policies than AWS managed policies. You can create and edit an IAM policy in the visual editor or by creating the JSON policy document directly.
– Inline policies – Policies that you create and manage and that are embedded directly into a single user, group, or role. In most cases, we don't recommend using inline policies.
RESOURCE BASED POLICIES
• Resource-based policies control what actions a specified principal can perform on that resource and under what conditions.
• Resource-based policies are inline policies, and there are no managed resource-based policies.
• To enable cross-account access, you can specify an entire account or IAM entities in another account as the principal in a resource-based policy.
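How the identity-based and resource-based policy types described in the two sections above combine when a request is evaluated, as an added example written for this page (not AWS code and not the slide author's): a simplified evaluator that models Effect, Action and Resource wildcards, a StringEquals condition and the Principal element of a resource-based policy, then applies the rules that an explicit deny always wins, that within one account either policy type may grant access, and that across accounts both must. The ARNs, the sample policies and the use of fnmatch for IAM wildcards are constructed assumptions.

```python
from fnmatch import fnmatchcase

def _matches(patterns, value):  # IAM wildcards approximated with fnmatch (assumption of this example)
    return any(fnmatchcase(value, p) for p in ([patterns] if isinstance(patterns, str) else patterns))

def _principal_ok(stmt, principal_arn):  # Principal: "*", a user/role ARN, an account id or its root ARN
    p = stmt.get("Principal", "*")
    if p == "*":
        return True
    acct = principal_arn.split(":")[4]
    aws = p.get("AWS", [])
    return any(a in ("*", principal_arn, acct, f"arn:aws:iam::{acct}:root")
               for a in ([aws] if isinstance(aws, str) else aws))

def evaluate(policy, principal_arn, action, resource, ctx, resource_based=False):
    """Return 'Deny', 'Allow' or None (no matching statement, i.e. implicit deny)."""
    verdict = None
    for s in policy["Statement"]:
        if not (_matches(s["Action"], action) and _matches(s["Resource"], resource)):
            continue
        cond = s.get("Condition", {}).get("StringEquals", {})  # only StringEquals is modelled here
        if any(ctx.get(k) != v for k, v in cond.items()):
            continue
        if resource_based and not _principal_ok(s, principal_arn):
            continue
        if s["Effect"] == "Deny":
            return "Deny"  # an explicit deny always wins, whatever else allows
        verdict = "Allow"
    return verdict

def is_allowed(principal_arn, action, resource, identity_policies=(), resource_policy=None, ctx=None):
    """Same account: either policy type may allow. Cross account: identity AND resource policy must."""
    ctx = ctx or {}
    ident = [evaluate(p, principal_arn, action, resource, ctx) for p in identity_policies]
    res = evaluate(resource_policy, principal_arn, action, resource, ctx, True) if resource_policy else None
    if "Deny" in ident or res == "Deny":
        return False
    # assumption: the resource ARN carries an account id (true for SQS here; S3 bucket ARNs do not)
    if principal_arn.split(":")[4] == resource.split(":")[4]:
        return "Allow" in ident or res == "Allow"
    return "Allow" in ident and res == "Allow"

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed principal in account 111122223333
ALICE_POLICY = {"Statement": [  # constructed customer managed policy attached to alice
    {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "arn:aws:sqs:*:*:orders-*",
     "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}},
    {"Effect": "Deny", "Action": "sqs:*", "Resource": "arn:aws:sqs:*:*:orders-prod"}]}
QUEUE_POLICY = {"Statement": [  # constructed resource-based policy on a queue in account 222233334444
    {"Effect": "Allow", "Principal": {"AWS": ALICE}, "Action": "sqs:SendMessage",
     "Resource": "arn:aws:sqs:us-east-1:222233334444:orders-dev"}]}
```

With these inputs, alice can send to her own account's orders-dev queue from us-east-1, is explicitly denied on orders-prod, and reaches the other account's queue only when her identity policy and that queue's resource policy both allow it.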
BILLING ALARM CREATION
• My Billing Dashboard → Receive Billing Alerts, then verify the email address
• CloudWatch – billing alarms can currently be created only in the N. Virginia Region, not in other Regions
• CloudWatch → Billing → Create Alarm

IAM_part1.pptx