From the course: Learning Amazon Web Services (AWS) for Developers
Identity and Access Management (IAM) - Amazon Web Services (AWS) Tutorial
Identity and Access Management (IAM)
- [Instructor] As with any platform where you have an account, you should always consider security. We're going to talk about security first, using IAM. You can get there from Recently visited if it's listed, from your Favorites, or from the Services drop-down. I'm going to scroll down to Security, Identity and Compliance, find IAM, and click on that. IAM stands for Identity and Access Management, or I-A-M, or IAM.

Now, there are two primary concepts I want to talk about here. One is users. So, as you might expect, you can create various user accounts, give them different user names and so forth, and then you want to give them permissions. To do that, you attach policies to the specific account. Notice that this root account has one policy, AdministratorAccess, which of course gives them permission for everything. If we look at the policy summary here, we'll see that for every service they have full access on all resources. We can look at the JSON. We see it uses wildcards to allow everything on everything. Now, if you were creating another user account, you probably wouldn't want to give them all those permissions. So instead, when you clicked Add permissions, or during the account creation, you might attach existing policies directly and do a search for something like DynamoDB and give them access to that. You can also do it through user groups, which we'll talk about in the next video, or you can copy permissions from an existing user. So users get permissions through policies, and there are a lot of existing policies. You can even create your own policies. There are over 900 policies here that are defined in AWS, and you can create your own.

User groups allow you to create a group and attach policies to it. For example, if you have a tester group, then whenever you create a tester account, you can just assign them to the group and, if necessary, assign them other policies, but they would have a collection of these policies that you could change in just one place.

Roles are the other big concept. This allows you to assign policies to a role that a service can adopt when it's running. So if you have a Lambda that needs to access DynamoDB and SNS, you could create a role with those two and assign it to the Lambda. Then the Lambda would have permission for that. All of your Lambdas may have the same role, or they may use different roles.

You can also use identity providers in AWS to allow users to log in with those, and you can specify various account settings for the accounts that get created, for things like changing the password. We're going to go into some more details of users and user groups in the next few videos, so hopefully it'll become more and more clear.
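To make the contrast between the root account's wildcard policy and a scoped policy concrete, here is an added example that is not part of the course or its exercise files. It constructs three IAM policy documents in Python: a policy that mirrors the "everything on everything" wildcard shown in the video, a least-privilege permissions policy for a hypothetical Lambda that only needs one DynamoDB table and one SNS topic, and the trust policy that lets the Lambda service assume such a role. It then runs a small check that flags any Allow statement granting a wildcard action on a wildcard resource. The account id, region, table name and topic name are placeholders, and the checker is illustrative, not an AWS tool.

```python
"""Wildcard vs. least-privilege IAM policies, with a simple over-permission check.

Added example, not code from the course. Policy documents are constructed inline;
ARNs use the placeholder account id 123456789012 and made-up resource names.
"""
import json

# Constructed to mirror the AdministratorAccess-style policy shown in the video:
# every action ("*") on every resource ("*").
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed least-privilege permissions policy for a hypothetical Lambda that
# reads/writes one DynamoDB table and publishes to one SNS topic.
LAMBDA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
            "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders",
        },
        {
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "arn:aws:sns:us-east-1:123456789012:OrderEvents",
        },
    ],
}

# Trust policy: this is what lets the Lambda *service* adopt the role at run time,
# which is the difference between a role and a user in the video's terms.
LAMBDA_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}


def _as_list(value):
    """IAM allows Action/Resource/Statement to be a string, a dict or a list;
    normalise to a list so the checks below only handle one shape."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def overly_permissive_statements(policy):
    """Return the Allow statements that grant a wildcard action ("*" or a
    service-wide "svc:*") on a wildcard resource ("*"). Deny statements and
    statements scoped to a specific ARN are not reported."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wild_action = any(a == "*" or a.endswith(":*") for a in actions)
        wild_resource = any(r == "*" for r in resources)
        if wild_action and wild_resource:
            findings.append(stmt)
    return findings


def service_prefixes(policy):
    """Set of service prefixes (dynamodb, sns, ...) a policy touches, or {"*"}
    when it allows every action. Useful for a quick 'what can this do' summary."""
    prefixes = set()
    for stmt in _as_list(policy.get("Statement")):
        for action in _as_list(stmt.get("Action")):
            prefixes.add("*" if action == "*" else action.split(":", 1)[0])
    return prefixes


if __name__ == "__main__":
    for name, pol in [("wildcard", ADMIN_POLICY), ("lambda", LAMBDA_POLICY)]:
        bad = overly_permissive_statements(pol)
        print(f"{name}: services={sorted(service_prefixes(pol))}, "
              f"wildcard statements={len(bad)}")
    print(json.dumps(LAMBDA_TRUST_POLICY, indent=2))
```

Running the block reports one wildcard statement for the admin-style policy and none for the Lambda policy, whose reach is limited to the `dynamodb` and `sns` prefixes. The same `overly_permissive_statements` check can be pointed at any policy JSON you export from the console to spot statements that quietly grant "everything on everything".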