Module 2 - Account Security

Unit notes:
AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html.
“AWS account root user” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html.
“Grant least privilege” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege.
“What is IAM?” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html.
“Policies and permissions in IAM” https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html.
“IAM users” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html.
“Managing passwords for IAM users” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html.
“IAM policies for Amazon EC2” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-for-amazon-ec2.html.
“Understanding and getting your AWS credentials” in the AWS General Reference https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html.
“What is the AWS Command Line Interface?” in the AWS Command Line Interface User Guide http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html.
“IAM user groups” https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html.
AWS Security Token Service API Reference https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html.
“Using IAM roles” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html.
“Policy evaluation logic” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html.
“Use customer managed policies instead of inline policies” https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#best-practice-managed-vs-inline.
“Policies and permissions in IAM” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html.
“Identity-based policies and resource-based policies” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html.
“Viewing last accessed information for IAM” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-view-data.html.
“Using AWS IAM Access Analyzer” https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html.
“Permissions boundaries for IAM entities” in the AWS Identity and Access Management User Guide https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html.
Policy evaluation logic https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html.
“Enabling SAML for your AWS resources” https://aws.amazon.com/identity/saml/.
“How to Use Service Control Policies in AWS Organizations” in the AWS Security Blog https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-in-aws-organizations/.
“Inheritance for service control policies” in the AWS Organizations User Guide https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_inheritance_auth.html.
“AWS Regional Services” https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/.

Limits & Quotas
IAM https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
Organizations https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html
Control Tower https://docs.aws.amazon.com/controltower/latest/userguide/limits.html

IAM
Documentation https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
AWS account root user https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
Grant least privilege https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege
Managing passwords for IAM users https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html
IAM user groups https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
Policies and permissions https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
IAM JSON policy elements reference https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html
Policy evaluation logic https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
Use customer managed policies instead of inline policies https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#best-practice-managed-vs-inline
Viewing last accessed information for IAM https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-view-data.html
Using AWS IAM Access Analyzer https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html
Permissions boundaries for IAM entities https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
Identity-based policies and resource-based policies https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html
IAM policies for Amazon EC2 https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-for-amazon-ec2.html
Understanding and getting your AWS credentials https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

Organizations https://aws.amazon.com/organizations/
Documentation https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
Inheritance for service control policies https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_inheritance_auth.html

Testing IAM policies with the IAM policy simulator https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
Security Token Service https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html
Enabling SAML for your AWS resources https://aws.amazon.com/identity/saml/

Mind Maps
Cognito https://www.awsgeek.com/Amazon-Cognito/

Whitepapers:
Introduction to AWS Security https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/welcome.html

Blogs:
How to Connect Your On-Premises Active Directory to AWS Using AD Connector https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/
How to Establish Federated Access to Your AWS Resources by Using Active Directory User Attributes https://aws.amazon.com/blogs/security/how-to-establish-federated-access-to-your-aws-resources-by-using-active-directory-user-attributes/
Implement AWS resource tagging strategy using AWS Tag Policies and Service Control Policies (SCPs) https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/
How can I grant access to the AWS Management Console for on-premises Active Directory users? https://aws.amazon.com/premiumsupport/knowledge-center/enable-active-directory-console-access/
New for Identity Federation – Use Employee Attributes for Access Control in AWS https://aws.amazon.com/blogs/aws/new-for-identity-federation-use-employee-attributes-for-access-control-in-aws/
How to Use Service Control Policies in AWS Organizations https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-in-aws-organizations/
Easily control the naming of individual IAM role sessions https://aws.amazon.com/blogs/security/easily-control-naming-individual-iam-role-sessions/
Techniques for writing least privilege IAM policies https://aws.amazon.com/blogs/security/techniques-for-writing-least-privilege-iam-policies/
Best Practices for Organizational Units with AWS Organizations https://aws.amazon.com/blogs/mt/best-practices-for-organizational-units-with-aws-organizations/
Control VPC sharing in an AWS multi-account setup with service control policies https://aws.amazon.com/blogs/security/control-vpc-sharing-in-an-aws-multi-account-setup-with-service-control-policies/

Videos:
AWS re:Invent 2020: Getting started with AWS identity services https://youtu.be/rFHnZkx7nqY
Create and Modify IAM Policies Using the AWS Identity and Access Management (IAM) Visual Editor https://youtu.be/Ry_a_PvXmX8
AWS re:Invent 2020: Understanding multi-account management https://youtu.be/T86rapsuXPk
AWS re:Invent 2018: Become an IAM Policy Master in 60 Minutes or Less https://youtu.be/YQsK4MtsELU

Trainings:
Deep Dive with Security: AWS Identity and Access Management (IAM) https://explore.skillbuilder.aws/learn/course/internal/view/elearning/104/deep-dive-with-security-aws-identity-and-access-management-iam

Labs:
Introduction to AWS Identity and Access Management (IAM) https://amazon.qwiklabs.com/focuses/22172?catalog_rank=%7B%22rank%22%3A2%2C%22num_filters%22%3A0%2C%22has_search%22%3Atrue%7D&parent=catalog&search_id=15047834
