What you’ll learn
Authentication and authorization in AWS
When and how to use users and roles
How to write policies to grant and limit permissions
Understand existing policies in an account
Every security system has three parts: prevention, detection, and response. This course focuses on the first one in the context of AWS. Prevention means not allowing an attack to happen and the primary tool you have for that is access control. In AWS, the IAM (Identity and Access Management) service allows you to define who has access to the account and what actions are allowed.
From this course, you’ll learn everything you need to know to use IAM to control access in an AWS account.
When I started using AWS I felt that IAM made simple things too complicated. Using a Lambda function to store a file in an S3 bucket required searching in the documentations to find the right snippet. Today, I find IAM a useful tool with many features that help me configure account security.
The moment that changed my view on IAM was when I started looking at the big picture of how authentication and authorization work. That was when all the individual components finally formed a coherent system. I began to see the reason behind the components and why they work the way they do.
With this course my goal is to help you see the big picture and how each part of IAM works. I hope that by developing a systems mindset, you’ll also enjoy working with AWS access control and you’ll be able use the tools described in the course to tighten your account’s security.
- What is authentication and authorization in a cloud service
- How IAM credentials work
- How to configure IAM users and roles
- The policy structure
- The policy evaluation logic
This course deliberately starts slow. I find it important to see how other, more familiar services services the same concepts as it helps to understand why AWS works the way it does. Then we’ll dive deep into the technical topics of writing policies and how the policy evaluation logic works. There is a section with examples of policies and we’ll finish the course with a couple of best practices.
Who this course is for:
- AWS developers and administrators
AWS Certified Security Specialist
I’m a technology enthusiast, software engineer, and blogger. I work mostly with web and cloud technologies, and I’m always looking for ways to improve how software is created. I’m an avid learner, striving to understand every aspect of a solution and I also enjoy teaching. I’m an AWS certified cloud architect and security specialist, and I published over a hundred technical articles.