| new skills - Team Nuggets
New Training: Plan for AWS Managed Security Services
In this 7-video skill, CBT Nuggets trainer Bart Castle covers AWS managed protective, detective, and reactive security controls. Gain an understanding of identity and access management (IAM), infrastructure security, detective services, data protection, and compliance. Watch this new AWS training.
Watch the full course: AWS Certified Cloud Practitioner
This training includes:
- 7 videos
- 50 minutes of training
You’ll learn these topics in this skill:
- Planning for AWS Managed Security Services
- What Types of Security Services does AWS Offer?
- Identity & Access Management at AWS
- Detective Security Services at AWS
- Infrastructure Protection at AWS
- Data Security Services at AWS
- Compliance Support at AWS
A Brief Introduction to AWS IAM
One of the key features of cloud platforms is identity and access management. Each platform has its versions of how they handle this. For instance, AWS offers IAM policies.
IAM policies are fine-grained controls for access and identity management. The basic idea is that cloud engineers can configure identities, whether that is for a physical person or an AWS product, to use AWS resources. Those identities can be configured with policies like only being able to have read access for a specific storage bucket in S3.
For instance, a cloud engineer can create an identity for a specific application with access to Simple Email Services in AWS. That identity can include programmatic access. That way an external application can use that identity to send emails through AWS. Cloud engineers can name that identity or use tags with it, to specify what that identity is for (Ie. The name of the application). The IAM control panel in AWS also lists details for that identity like the last time it was used.
These IAM features help cloud engineers segregate identities with very specific permissions for different applications. That way an identity can be terminated or changed while only affecting a singular application and not all resources. Likewise, cloud engineers can use those IAM dashboard tools, like being able to see the last time an identity was used, to troubleshoot issues or identify un-needed resources.