Authentication is critical in the public cloud -- where services and data are accessed at a global scale. Properly...
managing user access within public cloud services like those from AWS takes careful planning.
AWS uses its Identity and Access Management service to enable IT administrators to create user identities, organize users into groups and assign AWS IAM permissions to access to resources and services. Developers access IAM features through web, command-line or API tools. The IAM console is a web portal and most administrators routinely manage IAM through a browser window.
The AWS Command Line Interface (CLI) offers more granular control over IAM management activity, allowing administrators to deploy scripts to speed repetitive IAM tasks while reducing errors and ensuring consistency. AWS also supports IAM access through APIs and software developer kits (SDKs), which give in-house or third-party tools access IAM features programmatically. For example, an enterprise mobile application might incorporate an SDK so that the app can securely interface with a workload or data in AWS.
IAM can handle several different types of credentials to authenticate users, including AWS access key, SSH key, X.509 certificate, passwords or a multifactor authentication (MFA) device. Which credentials you use depends on which technology is accessing the services; end users can hold more than one type of credential.
AWS end users typically access services with a username and password through the AWS console on a daily basis. An in-house developer uses an AWS access key to make secure calls through the API or SDK, while external users are assigned temporary X.509 certificates. For highly secure usage, an MFA device is used for additional authentication. IT professionals rarely use SSH keys, generally only using them to access AWS CodeCommit repositories.
Amazon Web Services security quiz
Test your knowledge of Amazon Web Services security best practices with this 10-question security quiz.
By default, users, groups and roles do not have AWS IAM permissions, as those must be assigned. AWS IAM permissions are granted through IAM policies. IT teams share policies in the form of documents, which are attached to users and groups. A set of commonly used AWS IAM permissions, called AWS managed policies, includes features like read-only access for a Simple Storage Service instance. Administrators can create custom policies that are then attached to users, groups and roles using the AWS Management Console, IAM API or the AWS CLI.
AWS' policy generator tool helps create new policies in the appropriate syntax. IT teams can use the policy simulator tool to ensure that new or adjusted policies have the proper effect on users, groups and roles. It allows admins to correct problems or unexpected consequences before placing new policies into production.
IAM roles protect AWS resources
Put users into access groups to save management time
Four gaffes that can compromise your AWS cloud
Related Q&A from Stephen J. Bigelow
Administrators in charge of keeping antivirus software up to date have a few options to protect their servers. Learn about the methods and services ... Continue Reading
The Office Insider program can benefit organizations that want as much lead time as possible to see what new features Microsoft plans to release for ... Continue Reading
Microsoft offers Windows Defender Antivirus as its native tool to prevent malware attacks. Discover how it works and what advanced protections it ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.