From the course: Complete Guide to AWS Security and Compliance Management
Join today to access over 24,700 courses taught by industry experts.
Illustrating access restrictions - Amazon Web Services (AWS) Tutorial
From the course: Complete Guide to AWS Security and Compliance Management
Illustrating access restrictions
- [Instructor] As you use IAM to grant access to resources, there may be some actions you want to implicitly deny for all IAM users in your account. Consider the following scenario, which I've set up in my account. Recall that we have a user, Madeline. Per the Super Admin Challenge, she can now assume the Super Admin role. Recall that this role contains the AWS Managed Policy for Administrator Access. Looking at the contents of this policy, recall that it allows any action on any resource. With this broad level of access, we might want to put reasonable restrictions in place to support separation of duties. For example, CloudTrail is where audit logs of API activity is stored. As such, it's a good idea to inhibit the ability to delete CloudTrail artifacts. The Cloud Hardware Security Module is a means for storing cryptographic keys. If you decide to use the key management service instead of cloud HSM, you may want to inhibit the ability to use this service. Clearly, you are using IAM…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
Understanding Identity and Access Management6m 28s
-
Understanding IAM policies4m 15s
-
(Locked)
Configure IAM policies10m 11s
-
(Locked)
Understanding IAM groups1m 54s
-
(Locked)
Configure IAM groups4m 40s
-
(Locked)
Configuring a password policy4m 7s
-
(Locked)
Configure IAM users: Web console7m 49s
-
(Locked)
Configure IAM users: CLI3m 14s
-
(Locked)
IAM challenge1m
-
(Locked)
IAM challenge solution3m 36s
-
(Locked)
Configuring IAM roles3m 13s
-
(Locked)
Configuring IAM roles3m 2s
-
(Locked)
Validating an IAM role3m 45s
-
(Locked)
Extending CloudWatch3m 43s
-
(Locked)
Install CloudWatch agent7m 23s
-
(Locked)
Challenge: IAM roles54s
-
(Locked)
Solution: IAM roles4m 11s
-
(Locked)
Understanding Security Token Service1m 58s
-
(Locked)
Creating a temporary access role3m 46s
-
(Locked)
Creating a temporary access policy4m 54s
-
(Locked)
Validating temporary access3m 46s
-
(Locked)
Challenge: Super admin42s
-
(Locked)
Solution: Super admin4m 20s
-
(Locked)
Illustrating access restrictions2m 2s
-
(Locked)
Exploring IAM policy simulator7m 31s
-
(Locked)
Understanding Cognito4m 2s
-
(Locked)
Creating a Cognito user pool10m 28s
-
(Locked)
Creating a Cognito identity pool5m 31s
-
(Locked)
Understanding Verified Permissions3m 53s
-
(Locked)
Understanding federated access2m 37s
-
(Locked)
Enabling federated access5m 8s
-
(Locked)
Validating federated access3m 36s
-
(Locked)
Securing financial access3m 37s
-
(Locked)
Enabling financial access3m 40s
-
-
-
-
-
-
-
-