
AWS Authentication and Authorisation

EC2 application to Amazon services

For example, EC2 to Amazon S3

  • ⛔ You do not need to create an IAM user for your application
  • ⛔ Do not hardcode credentials
  • 💡 When you send a request to an AWS service you must sign the request. This is done programmatically
  • 💡 The admin creates the role and assigns it permissions on the Amazon S3 bucket. A role can be created for EC2, Lambda or other services; in our case it is for EC2
  • 💡 You need to launch the EC2 instance with an instance profile to pass the IAM role to the EC2 instance
  • 💡 The application on EC2 needs to retrieve the IAM role's temporary credentials from EC2 and then make its API calls using these temporary credentials
  • The role can be assumed by many EC2 instances
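The two application-side steps above (retrieve the role's temporary credentials from the instance, then sign each request with them) in working code. This is an added example, not code from the course or the page: `imds_credentials` reads the real EC2 instance metadata service (IMDSv2) and only works on an instance launched with an instance profile, while `sign_s3_get` builds a SigV4-signed S3 GET with standard-library code so it runs anywhere; the bucket, key and credential values in the comments are constructed placeholders.

```python
import datetime, hashlib, hmac, json, urllib.request
from urllib.parse import quote

IMDS = "http://169.254.169.254/latest"  # EC2 instance metadata service


def imds_credentials():
    """Fetch the instance role's temporary credentials via IMDSv2.
    Works only on an EC2 instance that has an instance profile attached."""
    req = urllib.request.Request(f"{IMDS}/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(req, timeout=2).read().decode()
    hdr = {"X-aws-ec2-metadata-token": token}
    base = f"{IMDS}/meta-data/iam/security-credentials/"
    role = urllib.request.urlopen(urllib.request.Request(base, headers=hdr), timeout=2).read().decode()
    creds = json.load(urllib.request.urlopen(urllib.request.Request(base + role, headers=hdr), timeout=2))
    # Temporary credentials: key id, secret, session token and an Expiration the app must honour
    return creds["AccessKeyId"], creds["SecretAccessKey"], creds["Token"]


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign_s3_get(access_key, secret_key, session_token, bucket, key, region, amz_date=None):
    """Return (url, headers) for a SigV4-signed GET of s3://bucket/key.
    The session token is a signed header, so the request is bound to the role
    session and is rejected once that session expires."""
    amz_date = amz_date or datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + quote(key, safe="/")
    payload_hash = hashlib.sha256(b"").hexdigest()  # GET has an empty body
    headers = {"host": host, "x-amz-content-sha256": payload_hash,
               "x-amz-date": amz_date, "x-amz-security-token": session_token}
    signed = ";".join(sorted(headers))
    canonical = "\n".join(["GET", path, "", *(f"{k}:{headers[k]}" for k in sorted(headers)),
                           "", signed, payload_hash])
    scope = f"{date}/{region}/s3/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = _hmac(("AWS4" + secret_key).encode(), date)  # derive the per-day/region/service key
    for part in (region, "s3", "aws4_request"):
        k = _hmac(k, part)
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed}, Signature={sig}")
    return f"https://{host}{path}", headers
```

On an instance the two pieces chain as `sign_s3_get(*imds_credentials(), "my-bucket", "reports/q1.csv", "us-east-1")`; the returned headers are what the SDK would attach for you.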

Users (developers, admins) to the AWS console

  • 💡 Admin creates users and groups and assigns users to groups
  • 💡 Users have a name and password
  • 💡 You can use federation to sign in with your corporate accounts
  • 💡 Admin creates policies and assigns them to users or groups
  • 💡 Admin can enable MFA for users
