1
00:00:00,550 --> 00:00:03,210
Let me show you how to create access keys.

2
00:00:03,210 --> 00:00:05,040
I'm going to click on my user

3
00:00:05,040 --> 00:00:07,200
and as you can see right now in the top right-hand side,

4
00:00:07,200 --> 00:00:10,380
I am connected using the my IAM User on my account.

5
00:00:10,380 --> 00:00:11,720
So this is something you have to do,

6
00:00:11,720 --> 00:00:13,360
do not use your root account

7
00:00:13,360 --> 00:00:15,040
to create security credentials.

8
00:00:15,040 --> 00:00:15,873
Okay?

9
00:00:15,873 --> 00:00:17,500
So I'm using my IAM User,

10
00:00:17,500 --> 00:00:20,970
and I'm going to go and create Security credentials.

11
00:00:20,970 --> 00:00:22,570
So I'm gonna just scroll down

12
00:00:22,570 --> 00:00:24,310
and again create Access keys.

13
00:00:24,310 --> 00:00:26,398
So Access keys are going to be very helpful

14
00:00:26,398 --> 00:00:27,910
if we use the CLI.

15
00:00:27,910 --> 00:00:29,730
So if we use the command line interface,

16
00:00:29,730 --> 00:00:31,710
or if we use the SDK

17
00:00:31,710 --> 00:00:35,420
to implement some programming language against AWS.

18
00:00:35,420 --> 00:00:37,410
So I'm going to create this Access key

19
00:00:37,410 --> 00:00:39,510
and they are very, very secret.

20
00:00:39,510 --> 00:00:41,750
This is the only time you will see them

21
00:00:41,750 --> 00:00:43,300
and that they can be downloaded.

22
00:00:43,300 --> 00:00:44,850
You cannot recover them later,

23
00:00:44,850 --> 00:00:46,980
but you can create new ones if you wanted to.

24
00:00:46,980 --> 00:00:48,670
So never, ever share them before.

25
00:00:48,670 --> 00:00:51,310
And I will invalidate mine after this hands on.

26
00:00:51,310 --> 00:00:53,450
So you can download a CSV file if you wanted to,

27
00:00:53,450 --> 00:00:54,950
to keep them on your computer,

28
00:00:54,950 --> 00:00:58,050
or you can show the Access key ID and the Secret access key.

29
00:00:58,050 --> 00:00:59,220
Again, these are secrets

30
00:00:59,220 --> 00:01:00,430
and they will be worthless for you

31
00:01:00,430 --> 00:01:02,550
because I'm going to invalidate them.

32
00:01:02,550 --> 00:01:05,390
Then we need to use these secret Access key

33
00:01:05,390 --> 00:01:07,010
and Access key ID.

34
00:01:07,010 --> 00:01:08,160
The first thing you have to do

35
00:01:08,160 --> 00:01:10,630
is to configure my AWS utilize.

36
00:01:10,630 --> 00:01:13,000
So I'm going to type "aws configure".

37
00:01:13,000 --> 00:01:15,862
And then I am greeted with entering my Access key ID.

38
00:01:15,862 --> 00:01:16,860
Very nice.

39
00:01:16,860 --> 00:01:19,870
I can just enter this one and press Enter,

40
00:01:19,870 --> 00:01:22,780
and then I'm greeted with entering my Secret access key,

41
00:01:22,780 --> 00:01:25,220
which I will enter right here as well.

42
00:01:25,220 --> 00:01:26,210
The Default region name,

43
00:01:26,210 --> 00:01:28,320
so this is a region that is close to you,

44
00:01:28,320 --> 00:01:29,700
I will choose eu-west-1

45
00:01:29,700 --> 00:01:32,330
because I will be doing all my tutorials in eu-west-1,

46
00:01:32,330 --> 00:01:33,720
but you will choose your own region

47
00:01:33,720 --> 00:01:35,330
and you can enter your own region name,

48
00:01:35,330 --> 00:01:36,930
that the region name, by the way,

49
00:01:36,930 --> 00:01:40,520
you can get directly from this drop down right here.

50
00:01:40,520 --> 00:01:41,761
It shows you the name of the region,

51
00:01:41,761 --> 00:01:43,850
as well as the region code.

52
00:01:43,850 --> 00:01:46,660
So for me, I'm going to use my eu-west-1.

53
00:01:46,660 --> 00:01:47,870
I'll press Enter.

54
00:01:47,870 --> 00:01:49,360
And then the Default output format,

55
00:01:49,360 --> 00:01:51,110
I'll just press Enter as well.

56
00:01:51,110 --> 00:01:54,500
So now my AWS CLI is configured.

57
00:01:54,500 --> 00:01:56,860
And so we can have a look at how it works.

58
00:01:56,860 --> 00:02:01,860
We can do "aws iam list-users" and press Enter,

59
00:02:02,720 --> 00:02:05,800
and this will list all the users in my accounts.

60
00:02:05,800 --> 00:02:07,010
And as we can see,

61
00:02:07,010 --> 00:02:09,110
the user I have right now is called "stephane".

62
00:02:09,110 --> 00:02:10,350
Here is a UserId.

63
00:02:10,350 --> 00:02:12,380
Here is an Arn when he was created

64
00:02:12,380 --> 00:02:14,430
and when the password was last used,

65
00:02:14,430 --> 00:02:16,700
which is very similar to what I would get

66
00:02:16,700 --> 00:02:19,910
if I were to go into this UI right here.

67
00:02:19,910 --> 00:02:21,340
So the management console

68
00:02:21,340 --> 00:02:25,123
and the CLI do provide similar kind of information.

69
00:02:26,600 --> 00:02:28,120
Next, I want to show you what happens

70
00:02:28,120 --> 00:02:30,680
if we remove permissions from our users.

71
00:02:30,680 --> 00:02:32,350
So I'm going to go to admins

72
00:02:32,350 --> 00:02:34,330
and I'm going to remove the stephane user

73
00:02:34,330 --> 00:02:35,600
from the group admin.

74
00:02:35,600 --> 00:02:39,460
And so again, if I go back to my user stephane,

75
00:02:39,460 --> 00:02:40,850
it doesn't have any permissions.

76
00:02:40,850 --> 00:02:43,300
And I did this obviously with my root account,

77
00:02:43,300 --> 00:02:44,920
not the other account.

78
00:02:44,920 --> 00:02:49,600
So now if I go into my UI and obviously refresh this page,

79
00:02:49,600 --> 00:02:51,467
I'm going to get an error saying that, "Yes,

80
00:02:51,467 --> 00:02:53,910
"I do not have the permissions to do this,"

81
00:02:53,910 --> 00:02:55,950
but let's try to do the same thing with a CLI.

82
00:02:55,950 --> 00:02:59,870
So we're going to do an iam list user call,

83
00:02:59,870 --> 00:03:03,970
and we get no response because actually it was being denied.

84
00:03:03,970 --> 00:03:07,030
So the CLI permissions are obviously going to be

85
00:03:07,030 --> 00:03:09,181
the exact same as the permissions you get

86
00:03:09,181 --> 00:03:11,180
from the IAM console.

87
00:03:11,180 --> 00:03:12,670
So the takeaway from this lecture

88
00:03:12,670 --> 00:03:15,978
is that you can access AWS using the management console

89
00:03:15,978 --> 00:03:19,320
or using access key and secret access key

90
00:03:19,320 --> 00:03:22,450
that you can configure and then use into the CLI.

91
00:03:22,450 --> 00:03:23,530
So hope you liked it.

92
00:03:23,530 --> 00:03:24,980
And I will see you in the next lecture.

93
00:03:24,980 --> 00:03:29,020
And obviously do not forget to add your user back

94
00:03:29,020 --> 00:03:30,590
into the group.

95
00:03:30,590 --> 00:03:32,170
Otherwise, that would be horrible.

96
00:03:32,170 --> 00:03:34,830
So I'm going to go into groups, admins,

97
00:03:34,830 --> 00:03:37,820
and I'm going to add my stephane user back into my group.

98
00:03:37,820 --> 00:03:40,000
And now I am an administrator again.

99
00:03:40,000 --> 00:03:40,833
So that's it.

100
00:03:40,833 --> 00:03:42,400
I will see you in the next lecture.