Identity and Access Management on AWS: Roles and Groups
This course explains the proper use of roles and groups in AWS and provides best practices for their use. It also covers the tools that can be used to audit the use of IAM.
What you'll learn
Using individual users for all access control is fine for small companies, but when you have tens, hundreds, thousands, or more users and interactions with other companies, this doesn’t scale well. Additionally, auditing the use of the various users, groups, and roles is critical to organizations of all sizes. In this course, Identity and Access Management on AWS: Roles and Groups, you will gain the ability to manage organizations of any size and to use roles properly. You'll also learn how to describe the various tools that are available to audit and manage the use of IAM. First, you will examine how groups can be used to simplify the management of collections of users. Next, you will discover the various use cases for roles, including some of the types of roles that help in those use cases. The role of the Security Token Service (STS) in relation to roles will be discussed. Best practices in relation to roles is also an important topic to be considered, as roles are one of the most misunderstood things in all of IAM. Finally, you will discover how to use the various tools that Amazon provides to manage, optimize, and audit IAM and the use of IAM permissions, including Credential Report, Access Advisor, CloudTrail, Trusted Advisor, and AWS Config. When you’re finished with this course, you will have the skills and knowledge to use roles and groups to secure your AWS infrastructure and to audit and optimize usage of IAM in AWS.
Table of contents
- Module Introduction 1m
- IAM Roles 3m
- Trust Policies 3m
- AWS Security Token Service (STS) 3m
- Service Role 4m
- Demo 4: Create and Assign IAM Service Roles 9m
- Delegated Role 3m
- Demo 5: Setting up Cross-Account Access Using an IAM Role 8m
- Federated Role 6m
- Demo 6: Setting up SAML 2.0-based Federation 3m
- Best Practices 2m
- Summary 1m
- Module Intro 1m
- IAM Best Practices 7m
- Access Control Tools 1m
- Credential Report 3m
- Demo 7: Credential Report 1m
- Access Advisor 6m
- Demo 8: Monitor Usage through Access Advisor 4m
- AWS CloudTrail 11m
- Demo 9: Accessing AWS CloudTrail 4m
- Trusted Advisor 6m
- Demo 10: Using Trusted Advisor 4m
- AWS Config 7m
- Demo 11: Using AWS Config 6m
- Summary 2m
About the author
Brian's technical background includes almost 20 years of implementing, teaching, and writing about products from VMware, Microsoft, Citrix, IBM, HP, EMC, Dell, and Cisco. In addition to his other certifications, he holds VMware's advanced instructor credential (VCI-Level 2) and two of their most advanced design and implementation credentials: VCAP-DCD and VCAP-DCA. Brian has recently begun taking his classroom and field experience to the masses by authoring a number of publications, training cou... more