New Training: Work with IAM Security Policies

In this 5-video skill, CBT Nuggets trainer Bart Castle teaches you how to work with AWS Identity and Access Management (IAM) security policies. Learn about the structure and composition of security policy statements and their elements, like Effect, Action, and Resource. Cover other optional elements and how to use them to achieve common security objectives. Watch this new AWS training.

Learn AWS with one of these courses:

• AWS Certified Security – Specialty

• AWS Certified Solutions Architect – Associate

• AWS Certified SysOps Administrator – Associate

• AWS Certified Developer – Associate

• Planning for AWS S3 Data Security

This training includes:

• 5 videos

• 33 minutes of training

You’ll learn these topics in this skill:

• Security Policy Types and Elements

• IAM Policies: Managed vs. Inline Policies and Delegation

• IAM Policies: Editing

• IAM Policies: Creating

• IAM Policies: Advanced Not Elements

How to Manage AWS IAM Policies Among Various IAM Identities

One of the core principles behind using IAM identities with applications is being able to create different identities for each application that needs to be able to access resources in your AWS account. But how do you manage multiple IAM identities when they need the same permissions? That is when you'll use IAM policies.

The AWS IAM framework works in a similar concept to creating users and user groups in Active Directory. Admins will create different policies and groups that allow specific permissions for various resources in the IT environment. Those groups are assigned to specific users. Those group policies act as repeatable templates that can be applied to various users. That way if permissions need to be updated, admins only need to update that policy instead of each user.

IAM policies work the same way as Active Directory policies. One policy can be configured to only allow read access to specific S3 buckets and nothing else. That policy can then be applied to multiple IAM identities.

When creating applications that need access to AWS resources, it is a wise idea to create different identities for each application instead of re-using identities between all applications. It's best practice for security. Utilizing IAM policies allows an easy way to both create and manage multiple IAM identities in AWS.