Cloud Computing 101 - Session#4
- supriyamalla

- Sep 16, 2022
Updated: Sep 23, 2022
Alright, now that we are good with the CC (cloud computing) basics, we will learn today about IAM!
IAM - Identity & Access Management, Global service
Root account - by default; shouldn't be shared
users can be grouped; groups contain only users and not other groups; users can belong to multiple groups
IAM Permissions:
Users/Groups - assigned JSON docs called policies - defines permissions
apply the least privilege principle - don't give more permissions than a user needs
You have two ways to log in - as the root user or as an IAM user
IAM Policy structure:
version
id (optional)
statement (required) - consists of SID - identifier of the statement (optional), effect (allow/deny), principal (account/user/role) to which the policy is applied, action (list of actions this policy allows/denies), resource (list of resources the actions are applied to)
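To tie the policy structure to the least privilege principle above, here is an added example (not part of the original post) that parses a policy document and flags Allow statements that grant too much. The sample policy, the names `audit_policy` and `as_list`, and the wildcard heuristic are assumptions made for illustration.

```python
import json

# Constructed sample identity-based policy (not from the original post).
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Id": "ExamplePolicy",
  "Statement": [
    {"Sid": "ReadOneBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "NoDeletes", "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
  ]
}
"""

def as_list(value):
    """Statement/Action/Resource may be a single value or a list; normalize to a list."""
    return value if isinstance(value, list) else ([] if value is None else [value])

def audit_policy(policy_json):
    """Return (sid, finding) tuples for structural and least-privilege issues."""
    policy = json.loads(policy_json)
    findings = []
    if "Version" not in policy:
        findings.append(("<policy>", "missing Version"))
    statements = as_list(policy.get("Statement"))
    if not statements:
        findings.append(("<policy>", "missing required Statement"))
    for i, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"statement[{i}]")  # Sid is optional
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append((sid, "Effect must be Allow or Deny"))
            continue
        if effect != "Allow":
            continue  # a broad Deny only restricts access, so it is not flagged
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))
        # Heuristic (assumption): any "*" or "service:*" action is broader than needed.
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((sid, "Allow with wildcard Action"))
        if "*" in resources:
            findings.append((sid, "Allow on all resources"))
    return findings

if __name__ == "__main__":
    for sid, finding in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

The sample has no principal because it is written as a policy attached to a user or group; the principal element appears in policies attached to a resource.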
Do some hands-on on how to create users, groups, update policies on AWS console.
IAM - MFA overview (Multi-Factor Authentication)
MFA - password you know + security device that you own
could be Virtual MFA device, YubiKey (Universal 2nd factor security key)
or Hardware Key Fob
To access AWS you have 3 options:
AWS Management console (password+MFA)
AWS CLI - protected by access keys
AWS Software Development Kit (SDK) - for code; protected by access keys
Access keys are generated through the AWS console; users manage their own access keys
AWS CLI
Tool that enables you to interact with AWS services using commands in command line shell
AWS SDK
Enables you to access & manage AWS services programmatically; language-specific APIs; embeds within your application
IAM Roles for Services
Some AWS services need to perform actions on your behalf; IAM roles give those services the permissions to do so.
Common roles:
EC2 Instance Roles
Lambda Function Roles
Roles for CloudFormation
You can create a role for an AWS service and then apply policies to that role
That's all for today!

