AWS Security
Last updated
Shared Responsibility Model in Cloud
The Shared Responsibility Model defines the division of security responsibilities between the cloud provider and the customer:
Cloud Provider Responsibility: Security of the cloud, including infrastructure, hardware, software, networking, and facilities.
Customer Responsibility: Security in the cloud, including data protection, identity management, application security, and configuring security services.
This model ensures clarity on securing cloud environments and fosters collaborative security efforts.
AWS IAM is a service that helps securely manage access to AWS resources by defining who can access what and under which conditions.
Root Account User:
The initial account created with full access to all AWS services and resources.
Should be used sparingly with strong security measures like MFA.
IAM Users:
Individual users with specific permissions.
Each user has unique credentials and access policies.
IAM Roles:
Temporary credentials assigned to AWS resources or users for specific tasks.
Ideal for granting permissions without sharing credentials.
IAM Groups:
Collection of IAM users with shared permissions.
Simplifies access management by applying a single policy to multiple users.
IAM Policies:
JSON documents defining permissions for users, roles, or groups.
Policies specify allowed or denied actions on AWS resources.
Example policy elements:
Effect: Allow grants permission.
Action: Specifies s3:* (all actions on S3).
Resource: Targets a specific S3 bucket.
Assume roles are roles taken on for a short, defined period to provide dynamic access: authentication does not require a username or password, and the role is held only for a temporary amount of time.
Ex: Coffee shop: one person takes orders one day and makes coffee the next. Instead of giving that person both sets of permissions permanently, we define two roles and let them assume the role that matches the task for that day.
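The following is an added example, not code from the original notes, covering both the policy elements above (Effect, Action, Resource) and the assume-role analogy. It evaluates a request against a constructed IAM-style policy document using the rule IAM applies: everything is implicitly denied, a matching Allow grants access, and a matching explicit Deny always wins. It then models the coffee-shop case as two separate role policies so that a session under one role is denied the other role's actions. All policies, ARNs, account ids and role names are constructed for illustration and belong to no real account; the evaluator is a simplified stand-in for AWS's own engine (no conditions, principals or resource policies).

```python
import re

# Constructed sample documents (illustration only; not from any real AWS account).
# Identity policy as described in the notes: Allow s3:* on one specific bucket,
# plus a guardrail statement that explicitly denies deleting that bucket.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
        {"Effect": "Deny", "Action": "s3:DeleteBucket",
         "Resource": "arn:aws:s3:::example-bucket"},
    ],
}

# Coffee-shop analogy: one role per job, each assumed only on the day it is needed.
ROLE_POLICIES = {
    "OrderTaker": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "dynamodb:PutItem",
                       "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"}],
    },
    "Barista": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"],
                       "Resource": "arn:aws:sqs:us-east-1:123456789012:OrderQueue"}],
    },
}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value, case_insensitive=False):
    """Match with IAM-style wildcards: '*' is any run of characters, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if case_insensitive else 0
    return re.fullmatch(regex, value, flags) is not None


def evaluate(policy, action, resource):
    """Return 'Allow' or 'Deny' for one request against one policy document.

    Action names are compared case-insensitively (as IAM does); resource ARNs
    are case-sensitive. Implicit deny is the starting point, a matching Allow
    flips it, and a matching explicit Deny ends evaluation immediately.
    """
    decision = "Deny"  # implicit deny until a statement says otherwise
    for stmt in policy["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        hit = (any(_wildcard_match(a, action, case_insensitive=True) for a in actions)
               and any(_wildcard_match(r, resource) for r in resources))
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny is final
        decision = "Allow"
    return decision


def evaluate_as_role(role_name, action, resource):
    """Decide a request made with the temporary credentials of an assumed role.

    The caller carries no long-lived user credentials, so only the assumed
    role's policy applies: an OrderTaker session cannot do Barista work.
    """
    policy = ROLE_POLICIES.get(role_name)
    if policy is None:
        return "Deny"  # unknown role: nothing is granted
    return evaluate(policy, action, resource)


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print("GetObject on our bucket:", evaluate(BUCKET_POLICY, "s3:GetObject", obj))
    print("DeleteBucket (guardrail):",
          evaluate(BUCKET_POLICY, "s3:DeleteBucket", "arn:aws:s3:::example-bucket"))
    print("GetObject on another bucket:",
          evaluate(BUCKET_POLICY, "s3:GetObject", "arn:aws:s3:::other-bucket/x"))
    queue = "arn:aws:sqs:us-east-1:123456789012:OrderQueue"
    print("OrderTaker reading the queue:",
          evaluate_as_role("OrderTaker", "sqs:ReceiveMessage", queue))
    print("Barista reading the queue:",
          evaluate_as_role("Barista", "sqs:ReceiveMessage", queue))
```

The explicit Deny statement shows why a broad `s3:*` grant is usually paired with guardrails: the Allow still covers day-to-day work on the bucket, but the one destructive action is blocked regardless of what other Allow statements are attached. The role section shows the least-privilege benefit of assuming a task-specific role rather than carrying every permission at once.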