Cloud Computing 101 - Session#2

Alright! Apologies for missing several days between the 1st session and this session. My brother got married recently and it was such a hectic process! Anywhooo- it's finally done and I am glad!

Alright, it's time to buckle up for the next lesson on IAM!

IAM - Identity and Access Management, Global service

1. Root account - created by default

2. Users can be grouped ; groups can only contain users and not other groups

3. users can be alone; can belong to multiple groups

Why the need for groups?

- To grant permissions accordingly (like applying least privilege principle - not giving more permissions than the user needs)

It's pretty easy to create IAM users.

1. Search for IAM

2. On the left hand side Menu - click on "Users" -> Add Users

3. Grant access permission accordingly

4. You can add the user to group or create a new one

5. Add "Tags"

and final Review!

You can also change alias of the IAM user.

IAM Access and Policies:

1. Based on which group the user is part of (one or multiple) accordingly users will inherit access and permissions

2. Policy structure is in JSON format

• SID (statement ID) - an identifier

• Effect - allows/denies

• principal - account/user/role

• action - list of actions policies accepts

• resource - list of resources policies is applied to

• condition - condition for which policy is in effect

IAM - Multi Factor Authentication (MFA)

MFA= Password you know + security device that you own

Virtual MFA applications: Authy, Google authenticator etc

You can also access using "Access Keys:" - PLEASE DON'T SHARE THESE WITH ANYONE. TREAT IT LIKE A PASSWORD.