AWS Security

Shared Responsibility Model in Cloud

The Shared Responsibility Model defines the division of security responsibilities between the cloud provider and the customer:

  1. Cloud Provider Responsibility: Security of the cloud, including infrastructure, hardware, software, networking, and facilities.

  2. Customer Responsibility: Security in the cloud, including data protection, identity management, application security, and configuring security services.

The practical consequence of this split: AWS patches the hypervisor and secures the data centres, but an open S3 bucket, an over-privileged IAM user, a leaked access key or an unpatched guest OS on an EC2 instance is the customer's responsibility. How far "in the cloud" reaches depends on the service: with EC2 the customer owns the operating system upward, while with a managed service such as RDS or Lambda the line moves toward the application and its configuration.


Identity & Access Management (IAM)

AWS IAM is a service that helps securely manage access to AWS resources by defining who can access what and under which conditions.


  1. Root Account User:

    • The identity created with the account. It has unrestricted access to every service and resource, and its access cannot be limited by IAM policies (only by an organization SCP, and only in a member account).

    • Use it only for the few tasks that require it (billing and account settings, closing the account), protect it with MFA, create no access keys for it, and do day-to-day work with IAM users or roles instead.

  2. IAM Users:

    • Long-term identities for people (or, less ideally, applications), each with its own console password and/or access keys.

    • Permissions come from policies attached to the user directly or through groups. Long-lived access keys are the credentials most often leaked, so prefer roles or federation and rotate any keys that must exist.

  3. IAM Roles:

    • An identity with permissions but no long-term credentials. A trusted principal (an AWS service, an IAM user, a workload, or an identity from another account) assumes the role and receives temporary credentials that carry only the role's permissions for the session.

    • The preferred way to grant access to EC2 instances, Lambda functions and cross-account callers, because no credentials have to be distributed, stored or rotated.

  4. IAM Groups:

    • Collection of IAM users with shared permissions.

    • Simplifies access management by applying a single policy to multiple users.

  5. IAM Policies:

    • JSON documents defining permissions for users, roles, or groups.

    • Policies specify allowed or denied actions on AWS resources.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
  • Effect: Allow grants the listed permissions; Deny forbids them, and an explicit Deny always overrides an Allow from any other policy. Anything not allowed by some policy is denied by default.

  • Action: s3:* covers every S3 API action, including overwriting and deleting objects. List only the actions the task needs (for example s3:GetObject).

  • Resource: arn:aws:s3:::example-bucket/* matches the objects inside example-bucket, not the bucket itself. Bucket-level actions such as s3:ListBucket need a second statement whose Resource is the bucket ARN, arn:aws:s3:::example-bucket.

IAM Assume Role

Assuming a role means a principal (an IAM user, an AWS service, or an identity from another account) calls the STS AssumeRole API and receives short-lived temporary credentials (access key, secret key and session token) that carry only the role's permissions. No username or password is exchanged: the caller must be named in the role's trust policy, and the session expires after the requested duration (from 15 minutes up to the role's configured maximum). Because the session has the role's permissions and not the caller's, a role is also a way to scope a task down to exactly what it needs.

Example: in a coffee shop, one person takes orders one day and makes coffee the next. Rather than giving that person permanent cashier and barista permissions at the same time, define a cashier role and a barista role and let them assume whichever role the day's task requires; each session is temporary and limited to that task.
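The evaluation rules described above for IAM policies (an explicit Deny beats any Allow, an object ARN ending in /* does not cover the bucket itself) and the assume-role flow in this section, as one added worked example. This is not code from the original page or from AWS; it is a small offline model of IAM's evaluation logic. The account id, user names, role name and the recipes bucket are invented for the example, and conditions, NotAction, resource policies, permission boundaries and SCPs are not modelled.

```python
import fnmatch
import json


def _as_list(value):
    """IAM lets Action, Resource and Principal be a single string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _glob(pattern, value, case_sensitive=True):
    """IAM wildcard match: '*' is any run of characters, '?' one character.
    Action names are case-insensitive, ARN resource paths are not."""
    if not case_sensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def _principal_matches(spec, caller_arn):
    """Match a trust policy's Principal element ("AWS", "Service", ...) against
    the calling ARN. A bare '*' means anyone, which is why it is dangerous."""
    if spec == "*":
        return True
    if isinstance(spec, dict):
        return any(p in ("*", caller_arn)
                   for values in spec.values() for p in _as_list(values))
    return False


def evaluate(policies, action, resource, caller_arn=None):
    """Decide one request: 'Deny' (explicit), 'Allow', or 'ImplicitDeny'.
    A matching explicit Deny wins over everything; otherwise some statement
    must Allow the action on the resource; otherwise the default is deny."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_glob(a, action, case_sensitive=False)
                       for a in _as_list(stmt.get("Action"))):
                continue
            # Trust policies have no Resource: the role itself is the resource.
            if not any(_glob(r, resource) for r in _as_list(stmt.get("Resource", "*"))):
                continue
            if "Principal" in stmt and not _principal_matches(stmt["Principal"], caller_arn):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


def assume_role_and_check(trust_policy, role_policies, caller_arn, role_arn, action, resource):
    """Model sts:AssumeRole followed by one request with the session credentials.
    The trust policy must admit the caller; the session then carries only the
    role's permissions, never the caller's own. (Cross-account callers also need
    sts:AssumeRole in their own identity policy; that check is not modelled.)"""
    if evaluate([trust_policy], "sts:AssumeRole", role_arn, caller_arn) != "Allow":
        return "AssumeRoleDenied"
    return evaluate(role_policies, action, resource)


# The policy shown on this page, parsed from its JSON.
PAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}""")

# A narrower replacement: read objects, list the bucket (bucket ARN, no '/*'),
# and an explicit Deny on deletes that wins even if another policy allows them.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

# Coffee-shop roles from the text. Account id, users, role and bucket are made up.
ACCOUNT = "123456789012"
ALICE = f"arn:aws:iam::{ACCOUNT}:user/alice"
BOB = f"arn:aws:iam::{ACCOUNT}:user/bob"
BARISTA_ROLE = f"arn:aws:iam::{ACCOUNT}:role/barista"
BARISTA_TRUST = {  # who may assume the role
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": ALICE}, "Action": "sts:AssumeRole"}],
}
BARISTA_PERMISSIONS = {  # what the role's temporary session may do
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::recipes/*"}],
}

if __name__ == "__main__":
    bucket, obj = "arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/orders/1.json"
    print(evaluate([PAGE_POLICY], "s3:GetObject", obj))        # Allow
    print(evaluate([PAGE_POLICY], "s3:ListBucket", bucket))    # ImplicitDeny: '/*' is objects only
    print(evaluate([PAGE_POLICY, LEAST_PRIVILEGE_POLICY], "s3:DeleteObject", obj))  # Deny
    print(assume_role_and_check(BARISTA_TRUST, [BARISTA_PERMISSIONS], ALICE, BARISTA_ROLE,
                                "s3:GetObject", "arn:aws:s3:::recipes/latte.txt"))  # Allow
```

The ListBucket call shows why the page's policy, despite s3:*, cannot list the bucket, and the combined-policy call shows the explicit Deny overriding the page's Allow. Calling assume_role_and_check with BOB returns AssumeRoleDenied because the trust policy names only alice, and calling it for an example-bucket object returns ImplicitDeny because the barista session has none of alice's own permissions.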
