Every security system has three parts: prevention, detection, and response. This course focuses on the first one in the context of AWS. Prevention means not allowing an attack to happen, and the primary tool you have for that is access control. In AWS, the IAM (Identity and Access Management) service allows you to define who has access to the account and what actions are allowed.
From this course, you'll learn everything you need to know to use IAM to control access in an AWS account.
When I started using AWS, I felt that IAM made simple things too complicated. Using a Lambda function to store a file in an S3 bucket required searching in the documentation to find the right snippet. Today, I find IAM a useful tool with many features that help me configure account security.
The moment that changed my view on IAM was when I started looking at the big picture of how authentication and authorization work. That was when all the individual components finally formed a coherent system. I began to see the reason behind the components and why they work the way they do.
With this course, my goal is to help you see the big picture and how each part of IAM works. I hope that by developing a systems mindset, you'll also enjoy working with AWS access control and you'll be able to use the tools described in the course to tighten your account's security.
You'll learn:
What is authentication and authorization in a cloud service
How IAM credentials work
How to configure IAM users and roles
The policy structure
The policy evaluation logic
This course deliberately starts slow. I find it important to see how other, more familiar services implement the same concepts, as it helps to understand why AWS works the way it does. Then we'll dive deep into the technical topics of writing policies and how the policy evaluation logic works. There is a section with examples of policies and we'll finish the course with a couple of best practices.