Finest Approaches for AWS Identity & Access Management - PowerPoint PPT Presentation

About This Presentation
Title:

Finest Approaches for AWS Identity & Access Management

Description:

Identity and Access Management is often abbreviated as IAM, and it’s an essential term that you’ll frequently encounter all across AWS. – PowerPoint PPT presentation

Number of Views:677
Slides: 16
Provided by: infosectrain

Transcript and Presenter's Notes

Title: Finest Approaches for AWS Identity & Access Management


1
Finest Approaches for AWS Identity & Access
Management
www.infosectrain.com sales_at_infosectrain.com
2
3
Identity and Access Management is often
abbreviated as IAM, and it's an essential term
that you'll frequently encounter all across AWS.
So, it is essential to have a reasonable
comprehension of how it works. As the name
implies, IAM is a permission framework that
controls access to AWS services. It aids in
defining who has access to what in an AWS
account. Secondly, IAM users enable you to give
groups of users or even individual users broad or
specific permissions. Broad permissions can
include items like granting access to an entire
AWS service, such as DynamoDB, while specific
permissions can include read and write access to
a specific S3 bucket. Thirdly, IAM offers a
method for monitoring and editing access to
unique resources by enabling AWS CloudTrail.
Finally, those of you working in large
corporations with existing identity management
systems will be happy to learn that AWS IAM
integrates with them easily.
4
How does AWS Identity and Access Management
work?
To understand how AWS IAM works, you
must be familiar with four basic concepts,
which are defined as follows:
5
  • Users: Users are identifiable individuals, and
    with IAM, you can give each one a login and
    password so they can access the AWS console on
    their own. However, they'll have a restricted set
    of permissions that you specify. Users have
    secret keys and secret access keys, which are
    used as inputs in your application-level code
    when setting up clients.
  • Groups: Then there are groups, which essentially
    refer to a collection of users that share a
    mutual interest. Permissions are different for
    different groups. The users in a group are
    subject to the same permissions and policies that
    are defined for the group as a whole.
  • Roles: Then we have roles, which are similar to
    user accounts in AWS. We attach policies to roles
    as we do for users. In AWS IAM, we provide
    the access permissions to roles instead of a
    user. If an instance wants to access an AWS
    account, we'll give it a role so that it can
    access the account without a login ID and
    password. Roles can also be used by an AWS
    service to access another VM.
  • Policies: Finally, there are policies. A policy
    is an AWS object that determines the permissions
    of an identity or resource when it is attached to
    it. When an IAM principal (user or role) makes a
    request, AWS evaluates these policies. They come
    in two variations: allow or deny. The policy
    permissions decide whether the request is allowed
    or denied.

6
AWS IAM Best Practices
Here are some best
practices that must be followed while using IAM
to secure your cloud infrastructure:




7
  1. Make use of the least privilege model: You must
    provide the user with the bare minimum of
    permissions they need to complete their
    assignment. Don't give people too many
    permissions because this could result in security
    flaws or people unintentionally deleting
    production database tables. So, using the least
    privilege model is a wise approach.
  2. For privileged users, enable multi-factor
    authentication (MFA): For protecting enterprise
    data and networks, strong passwords are
    important, but they aren't enough. A breach in
    authentication causes the majority of attacks.
    Security experts widely recommend multi-factor
    authentication. AWS also recommends that all
    privileged IAM users use multi-factor
    authentication. Users that have access to APIs or
    other sensitive tools fall into this category.
    AWS users have a few options for enabling the
    second level of authentication, including
    security token-based authentication and SMS
    authentication.
  3. When changing policies, use caution: It's all too
    easy to change a policy without thinking about
    it, only to discover that one of your development
    applications was using it and suddenly lost
    access to a resource. Just be cautious when
    making changes to the IAM configuration in
    development.
  4. For added protection, use policy
    conditions: Policies are a series of JSON
    statements that grant users specific permissions.
    AWS has introduced an optional component called
    Conditions to policies to provide more
    security. The condition block always returns a
    boolean output, true or false, indicating
    whether the request is granted or denied by the
    policy.
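
An added example (not from the original presentation) that models how a Condition block resolves to true or false and how an explicit Deny overrides an Allow. The policy, bucket name, IP range and helper functions are constructed for illustration; this is a simplified model that handles single-value conditions only, not AWS's own evaluation engine.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed policy: allow S3 reads from one IP range, and deny every
# action unless the request was authenticated with MFA.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Effect": "Deny", "Action": ["*"], "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
]}

# Simplified operators: each compares one request value to one policy value.
OPERATORS = {
    "Bool": lambda actual, expected: actual.lower() == expected.lower(),
    "StringEquals": lambda actual, expected: actual == expected,
    "IpAddress": lambda actual, expected:
        ipaddress.ip_address(actual) in ipaddress.ip_network(expected),
}

def condition_holds(condition, context):
    """True only if every operator/key pair in the Condition block matches."""
    for operator, keys in condition.items():
        if_exists = operator.endswith("IfExists")
        test = OPERATORS[operator[:-len("IfExists")] if if_exists else operator]
        for key, expected in keys.items():
            if key not in context:
                if if_exists:
                    continue   # ...IfExists: an absent key counts as a match
                return False   # plain operator: an absent key never matches
            if not test(context[key], expected):
                return False
    return True

def statement_applies(stmt, action, resource, context):
    return (any(fnmatchcase(action, a) for a in stmt["Action"])
            and fnmatchcase(resource, stmt["Resource"])
            and condition_holds(stmt.get("Condition", {}), context))

def evaluate(policy, action, resource, context):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    effects = {s["Effect"] for s in policy["Statement"]
               if statement_applies(s, action, resource, context)}
    if "Deny" in effects:
        return "Deny"          # an explicit deny always wins
    return "Allow" if "Allow" in effects else "ImplicitDeny"
```

With a plain `Bool` operator the Deny statement would not match a request that carries no MFA key at all, which is why the constructed policy uses `BoolIfExists`.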





8
  5. Remove any credentials that aren't needed: It
    is always recommended to audit user credentials
    regularly and remove them if they are no longer
    in use. AWS has a credential report that allows
    you to monitor the lifecycle of passwords and
    access keys right out of the box. The report
    contains user information, the date the account
    was established, the last time the password was
    used, and the last time the password was changed.
    If you've set a password rotation policy, this
    report will also include the date and time that
    the user must change their password.
  6. Where possible, assign permissions using
    AWS-defined policies: If you're new to AWS and
    have trouble creating and maintaining your own
    policies for various job functions, consider
    starting with AWS-defined policies wherever
    possible. These policies are well-aligned with a
    broad spectrum of traditional information
    technology roles. The auto-update functionality
    provided by AWS is a significant benefit of using
    these policies. Since these policies are modified
    whenever a new AWS service or API is released,
    they are always up to date. This saves a
    significant amount of time and makes life
    simpler.
  7. Assign permissions to IAM users using
    groups: Creating groups and assigning permissions
    to them is often simpler than defining
    permissions for individual users. This allows you
    to build several groups for different job
    functions and assign appropriate permissions to
    each group before assigning users to those
    groups. This way of handling permissions is not
    only more straightforward, it's much safer and
    easier to handle.





9
AWS with InfosecTrain
AWS has proven to be a
huge success for a variety of businesses all over
the world. AWS services have been used by tech
companies such as Facebook, LinkedIn, Netflix,
and others to improve their business performance.
Professionals are in high demand and
well-compensated in the industry as a result of
its extensive use. Join InfosecTrain to take the
first step toward certification, as we are the
leading training provider that will expose you to
unique challenges. Our highly qualified and
experienced trainers created the whole action
plan and will guide you through the process of
laying a solid AWS foundation and raising your
skills to a proficient level.




10
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
    companies
  • Wide range of professional training programs,
    certifications & consulting services in the IT
    and Cyber Security domain
  • High-quality technical services, certifications
    or customized training programs curated with
    professionals with over 15 years of combined
    experience in the domain

11
Our Endorsements
12
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
13
Our Trusted Clients
14
(No Transcript)
15
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com