Using individual users for all access control is fine for small companies, but when you have tens, hundreds, thousands, or more users and interactions with other companies, this doesn’t scale well. Additionally, auditing the use of the various users, groups, and roles is critical to organizations of all sizes. In this course, Identity and Access Management on AWS: Roles and Groups, you will gain the ability to manage organizations of any size and to use roles properly. You'll also learn how to describe the various tools that are available to audit and manage the use of IAM. First, you will examine how groups can be used to simplify the management of collections of users. Next, you will discover the various use cases for roles, including some of the types of roles that help in those use cases. The role of the Security Token Service (STS) in relation to roles will be discussed. Best practices in relation to roles is also an important topic to be considered, as roles are one of the most misunderstood things in all of IAM. Finally, you will discover how to use the various tools that Amazon provides to manage, optimize, and audit IAM and the use of IAM permissions, including Credential Report, Access Advisor, CloudTrail, Trusted Advisor, and AWS Config. When you’re finished with this course, you will have the skills and knowledge to use roles and groups to secure your AWS infrastructure and to audit and optimize usage of IAM in AWS.
Brian is an energetic trainer and consultant with nearly 20 years of technical experience in datacenter management and design. As a virtualization instructor, Brian spends much of his time discussing the impact and intricacies of Software Defined Data Centers (SDDC), Software Defined Networking (SDN), and Software Defined Storage (SDS).
Course Overview Setting user permissions isn't my favorite job, and I bet it isn't yours either, but cloud security doesn't have to be difficult. In this video series on Amazon Web Services, you'll learn how to create and manage security via groups and roles in AWS's Identity and Access Management services. I'll start by showing you how to avoid assigning permissions to individual users. You'll learn to create groups, even for a single user. That way you can quickly reassign job roles if people go on vacation or leave the company. Then, we'll look at a way to grant temporary access to resources in your AWS account by using roles. You'll learn that roles can be used for so many things, from services and external consultants to just making it possible that your own account only has admin rights when you choose to swap into that role. We'll wrap up the course with a look at some of the security auditing tools like Credential Report, Access Advisor, and CloudTrail.