Managing AWS Security and Identity

Security is one of the number-one issues for those considering moving workloads to the cloud. This course shows how to use AWS IAM services to tighten security and lock down resources.
Course info
Rating
(35)
Level
Intermediate
Updated
Nov 17, 2016
Duration
6h 56m
Table of contents
Course Overview
User Security and Identity and Access Management
Creating and Managing IAM Users
IAM Groups and Best Practices
Assigning Policies to Users and Groups
When to Use Roles Instead of Users
Auditing User Account Access
Federating Multiple AWS Accounts
Federating with External Identity Providers
Description

Follow along and go through the best practices of AWS account security from two different vantage points. In this course, Managing AWS Security and Identity, you'll learn how to configure Amazon's Identity and Access Management feature, commonly known as IAM. First, you'll discover IAM user and group security best practices and IAM policies. Next, you'll explore when and how to use IAM roles and how to audit accounts. Finally, you'll learn about federating multiple AWS accounts and federating AWS IAM accounts with an external identity provider, such as Active Directory. By the end of this course, you'll be able to properly secure your AWS accounts using policies, two-factor authentication and even permit other AWS accounts access to the resources in your account.

About the author

Brian is an energetic trainer and consultant with nearly 20 years of technical experience in datacenter management and design. As a virtualization instructor, Brian spends much of his time discussing the impact and intricacies of Software Defined Data Centers (SDDC), Software Defined Networking (SDN), and Software Defined Storage (SDS).

About the author

John Hales is a trainer, consultant, and courseware developer in the areas of virtualization, storage, and networking. He has published more than 60 books and has written many courses for internal use at Fortune 500 companies. He has also trained in Europe, Asia, Australia, and North America.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Brian Eiler, and welcome to our course on Managing AWS Security and Identity. This course is for anyone out there with an Amazon Web Services account or even those of you planning to create one. As you may already know, AWS accounts hold the keys to your online kingdom in the cloud. This calls for maximum security planning, even if you're a consultant like me. I have over 20 years of experience as an IT infrastructure consultant, but today my role is helping organizations like yours adopt a proper cloud strategy. Together, with my colleague, John Hales, who is also a consultant, as well as a noted AWS expert, you'll learn the do's and don'ts of AWS account security from two different vantage points. First, you'll apply what you've learned by looking through the eyes of a consultant working for a small company named Wired Brain Coffee. Then, you'll apply that same knowledge, usually in quite a different manner, to a much larger, global company named Globomantics. Through these two perspectives, you'll learn how to configure Amazon's Identity and Access Management feature, commonly known as IAM. We will explain IAM user and group security best practices, IAM policies, when and how to use IAM roles, account auditing, federating multiple AWS accounts, and finally, federating AWS IAM accounts with an external identity provider, such as Active Directory. By the end of this course, you'll be able to properly secure your AWS accounts using policies, two-factor authentication, and even permit other AWS accounts access to the resources in your account. Before beginning this course, you should be familiar with the basics of Amazon Web Services. For those of you that wish to follow along, we'll show you how to create an Amazon account during one of our demonstrations. I hope you'll join us on this journey to take your Amazon account security to the next level with the Managing AWS Security and Identity course at Pluralsight.

User Security and Identity and Access Management
Welcome to Managing AWS Security and Identity. My name is Brian Eiler, and with me is my colleague, John Hales. In this video series, we will introduce you to Amazon's Identity and Access Management features, commonly called IAM. You will learn how to work with Amazon's root account, set up and maintain IAM users, groups, and roles, including how you can apply policies to them. We'll also show you how you can easily audit account access to find out who did what in your account. Finally, we'll discuss how you can integrate Amazon with other authentication services, like your onsite Active Directory. In this course, we'll start with the importance of the root account, and how you can properly use it and manage it. Then, we'll discuss Wired Brain and Globomantics, two of my companies, and we'll talk about how their security and compliance requirements affect their design as it pertains to IAM.

Creating and Managing IAM Users
Welcome to Managing AWS Security and Identity. My name is Brian Eiler, and with me is my colleague John Hales. In this module, we're going to discuss how you can create and manage IAM users and stop using that root account we introduced in the previous chapter. To begin with, we're going to look at what are IAM users. Where do they fit? Then we'll look at password policies. We want to make sure that things are done securely for these users. Then we'll look at access keys and key pairs and why they matter and where they fit. Then we'll look at multi-factor authentication. We said that was important for the root account. You can use it there, and should, but you can also use it for any IAM user you create. Then we'll take a look at permissions, what they are, why they matter, and actually being able to use the IAM users we're creating.

Assigning Policies to Users and Groups
Welcome to Managing AWS Security and Identity. My name is Brian Eiler, and with me is my colleague, John Hales. In this module, we're going to look at policies. We've mentioned them in the last several chapters, but we really haven't dived into the details of how do they work, and how do we actually assign them, besides just the basics to get us started in using the system. We're going to begin by looking at IAM policies and their structure. Then we'll turn our attention to managed and inline policies, and how they work. Then we'll take a look at versioning of policies, and why I might want to do that, and how I can go back to an older version. And we'll conclude with a question that Brian has asked several times in previous chapters, and that is, the policy simulator. How do I know the policy that I thought I applied is really what I ended up with?

When to Use Roles Instead of Users
Welcome to Managing AWS Security and Identity. My name is Brian Eiler, and I'm with my colleague, John Hales. In this module, we're going to take a look at when you might use roles instead of users. We spent quite a bit of time looking at users and groups. We'll look at the third major IAM object. We'll begin by understanding what roles are. Then we'll take a look at why we have them and some of their benefits, and then we'll briefly introduce the idea of cross-account access using roles. We'll really dive into that in detail in a later module.

Auditing User Account Access
Welcome to Managing AWS Security and Identity. My name is Brian Eiler, and here with me is my colleague, John Hales. In this module, we're going to look at how to audit user account access, in other words, IAM. We're not looking at all of the auditing things we could do in Amazon, that's a very large topic, just the IAM piece here. In this module, we'll begin by looking at the auditing in general, and then look at the AWS auditing tools. Specifically, we're going to take a look at CloudTrail, then we'll look at Access Advisor, Credential Report, Trusted Advisor, and finally, Amazon Inspector.

Federating Multiple AWS Accounts
Welcome to Managing AWS Security and Identity. My name is Brian Eiler, and I'm here with my colleague, John Hales. In this module, we're going to look at federating multiple Amazon accounts together. We've introduced that back in the Roles chapter, but we're going to dive into the details in this chapter. Specifically, we're going to look at why you might have multiple Amazon accounts in the first place. Then we'll look at cross-account access between them, we'll look at using them for backup and disaster recovery purposes, we'll look at billing across all of them, and we'll conclude with a tour of centralized logging, and how you can log from multiple Amazon accounts into a centralized location.

Federating with External Identity Providers
Welcome to AWS Managing Security and Identity. My name is Brian Eiler, and with me is my colleague, John Hales. In this module, our last module, we're going to look at federating with various external identity providers. We're going to begin just talking about what exactly is AWS Federation. Then, we'll look at the fundamentals of Federation. Then we'll look at how to federate with corporate identities like Active Directory. And we'll conclude with a review of federating with social identities like Google or Facebook.