1
00:00:00,460 --> 00:00:04,330
Okay, so here is the summary section for IAM.

2
00:00:04,330 --> 00:00:05,850
So we've seen about IAM users,

3
00:00:05,850 --> 00:00:07,060
and they will be mapped to

4
00:00:07,060 --> 00:00:09,840
an actual physical user within your company.

5
00:00:09,840 --> 00:00:13,840
And users will have passwords for the AWS Console.

6
00:00:13,840 --> 00:00:17,640
Then it is best practice to group these users together,

7
00:00:17,640 --> 00:00:19,930
and so the groups can only contain users,

8
00:00:19,930 --> 00:00:22,110
they cannot contain other groups.

9
00:00:22,110 --> 00:00:25,010
Then to give permission to either the users

10
00:00:25,010 --> 00:00:26,030
or the groups,

11
00:00:26,030 --> 00:00:28,560
we're going to create IAM policies,

12
00:00:28,560 --> 00:00:30,160
which are JSON documents,

13
00:00:30,160 --> 00:00:31,940
that will outline the permissions,

14
00:00:31,940 --> 00:00:34,820
that a user or a group can do.

15
00:00:34,820 --> 00:00:37,850
Then if we are within AWS,

16
00:00:37,850 --> 00:00:39,640
we are using roles.

17
00:00:39,640 --> 00:00:41,610
So if we create an EC2 instance

18
00:00:41,610 --> 00:00:43,750
we'll see in the next section,

19
00:00:43,750 --> 00:00:46,230
or if we want to give permissions,

20
00:00:46,230 --> 00:00:49,010
to an AWS service to do something else,

21
00:00:49,010 --> 00:00:51,160
on another AWS service,

22
00:00:51,160 --> 00:00:54,050
then we have to create IAM roles.

23
00:00:54,050 --> 00:00:55,810
For security and making sure,

24
00:00:55,810 --> 00:00:58,000
our users are completely safe,

25
00:00:58,000 --> 00:01:01,400
we must enable multi-factor authentication,

26
00:01:01,400 --> 00:01:03,910
to have a second device to log in,

27
00:01:03,910 --> 00:01:07,563
and then also have a strong password policy in place.

28
00:01:08,700 --> 00:01:11,680
If you want to access AWS using the CLI,

29
00:01:11,680 --> 00:01:13,260
so the command line interface,

30
00:01:13,260 --> 00:01:15,830
or the SDK because you are programming some code,

31
00:01:15,830 --> 00:01:18,620
then you must generate some access keys.

32
00:01:18,620 --> 00:01:20,220
Which is the access key ID,

33
00:01:20,220 --> 00:01:21,780
and the secret access keys.

34
00:01:21,780 --> 00:01:25,610
Together they will give you programmatic access to AWS.

35
00:01:25,610 --> 00:01:29,270
If you wanted to audit your IAM dashboard,

36
00:01:29,270 --> 00:01:31,530
you could create a credential report,

37
00:01:31,530 --> 00:01:34,370
to get some information about all your users,

38
00:01:34,370 --> 00:01:37,660
or if you wanted to audit a specific user in IAM,

39
00:01:37,660 --> 00:01:40,400
then you would use the IAM Access Advisor,

40
00:01:40,400 --> 00:01:43,830
to see if a user has been using their permissions recently.

41
00:01:43,830 --> 00:01:45,080
So that's it for this section.

42
00:01:45,080 --> 00:01:45,970
I hope you liked it,

43
00:01:45,970 --> 00:01:47,920
and I will see you in the next section.