New Training: Work with IAM Security Policies
In this 5-video skill, CBT Nuggets trainer Bart Castle teaches you how to work with AWS Identity and Access Management (IAM) security policies. Learn about the structure and composition of security policy statements and their elements, like Effect, Action, and Resource. Cover other optional elements and how to use them to achieve common security objectives. Watch this new AWS training.
This training includes:
33 minutes of training
You’ll learn these topics in this skill:
Security Policy Types and Elements
IAM Policies: Managed vs. Inline Policies and Delegation
IAM Policies: Editing
IAM Policies: Creating
IAM Policies: Advanced Not Elements
How to Manage AWS IAM Policies Among Various IAM Identities
One of the core principles behind using IAM identities with applications is creating a different identity for each application that needs to access resources in your AWS account. But how do you manage multiple IAM identities when they need the same permissions? That is when you'll use IAM policies.
The AWS IAM framework works much like creating users and user groups in Active Directory. Admins create different policies and groups that allow specific permissions for various resources in the IT environment. Those groups are assigned to specific users. The group policies act as repeatable templates that can be applied to various users. That way, if permissions need to be updated, admins only need to update the policy instead of each user.
IAM policies work the same way as Active Directory policies. One policy can be configured to only allow read access to specific S3 buckets and nothing else. That policy can then be applied to multiple IAM identities.
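A read-only S3 policy of the kind described above, written as an added example (not taken from the CBT Nuggets training); the bucket name example-app-reports and the Sid values are placeholders. s3:ListBucket applies to the bucket ARN and s3:GetObject to the object ARNs, which is why the two statements carry different Resource values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListExampleBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-app-reports"
    },
    {
      "Sid": "ReadExampleBucketObjects",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-app-reports/*"
    }
  ]
}
```

Saved as a managed policy, the same document can be attached to each identity that needs this access; anything it does not explicitly allow stays denied by default.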
When creating applications that need access to AWS resources, it is wise to create a different identity for each application instead of reusing identities between all applications. This is a security best practice. IAM policies provide an easy way to both create and manage multiple IAM identities in AWS.