What is AWS Cloud
In simple terms, AWS is considered a cloud provider, which means that AWS provides various cloud-based IT resources to its cloud consumers. AWS is an easy-to-use platform which is provided by Amazon. At present, AWS is one of the leading cloud service providers all around the world. Cloud Services can be related to servers, networking, security, monitoring, etc.
AWS uses the pay-as-you-go model, where you pay only for the services you use.
Brief History of AWS
In 2006, AWS (Amazon Web Services) was officially launched.
In 2007, over 180,000 developers had signed up for AWS.
In 2010, amazon.com retail web services were moved to AWS, i.e., amazon.com is now running on AWS. Right now, AWS has 212 services.
Regions and Availability Zones
AWS has the concept of a Region, which is a physical location around the world where we cluster data centers.
An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.
AWS Edge Locations
Edge locations are AWS data centers designed to deliver services with the lowest latency possible. Amazon has dozens of these data centers spread across the world.
There are more than 200 AWS services, and we will discuss most of them. The most important service to get started with is AWS IAM, which is also a global service.
Security and Identity
It is important to control who is authenticated and authorized to access the web application. Let's briefly discuss Identity and Access Management and how it works. There are also some other AWS security services like AWS Shield, AWS Application firewall, AWS GuardDuty, and AWS Config. For now, we will discuss IAM.
Identity and Access Management
AWS Identity and Access Management (or IAM) is a service that offers secure access control mechanisms for all of your AWS services and in some cases resources. AWS IAM is at the heart of AWS security because it empowers you to control access by creating users and groups, assigning specific permissions and policies to specific users, setting up multifactor authentication for additional security, and so much more. And the cherry on top, IAM is free to use!
AWS IAM: Key Features
Let's look at some key features of Identity and Access Management that make it so versatile and powerful.
AWS IAM lets you create and manage identities such as users, groups, and roles, meaning you can issue and enable authentication for resources, people, services, and apps within your AWS account.
Access management or authorization in IAM is made of two primary components: Policies and Permissions. Authorization determines what an identity can access within a system once it’s been authenticated.
For example, suppose the Financial Department needs access to the billing details, the Developer needs access to the EC2 instances, and the Quality Assurance (QA) team needs access to the S3 bucket. You can assign custom policies and permissions to each of these users accordingly.
Authentication or identity management in AWS IAM consists of the following identities:
An IAM user is a person that needs to interact with your AWS resources or services either from the AWS Console or with the AWS CLI.
An IAM group is a collection of users and permissions assigned to those users. Groups provide a convenient way to manage permissions for users with similar needs by categorizing them according to their job function/role, department, or any other requirement. Then, permissions for all those users can be managed at once through the group. For example, we can create a session manager group and limit its access to the session manager only. When we add users to the session manager group, they will have access to the session manager; otherwise, they will not have access to the session manager.
An IAM role is an entity within AWS that defines a set of permissions the role can perform. For example, Allow Access to S3 and DynamoDB.
Authorization or access management in IAM is controlled by Policies that grant Permissions.
What is Policy?
A policy is a document with a set of rules, having one or more statements. Each policy grants a specific set of permissions and can be attached to any of the IAM identities we covered earlier — users, groups, and roles. Policies are always written in JSON or YAML format, and each policy has a name.
What are Permissions?
Permissions enable you to perform actions on AWS resources. When a new user or group is created, it has no permissions and a policy must be attached to allow actions to be taken on AWS resources.
In JSON, it can look like this
This example policy restricts an IAM user or group access to only Start/Stop/Reboot EC2 instances in the US East (N. Virginia) [us-east-1] Region.
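An added example, not the author's original policy or code: a constructed policy document matching the description above, with a simplified evaluator showing that an identity with no policy attached is denied and that the policy allows only the three actions in us-east-1. The `Sid`, account ID, instance ID and helper names are assumptions, and the evaluator ignores `Condition`, `NotAction`, `NotResource` and the other policy types that real IAM evaluation considers.

```python
import fnmatch
import json

# Constructed policy: Start/Stop/Reboot on EC2 instances in us-east-1 only.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "StartStopRebootUsEast1",
    "Effect": "Allow",
    "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
    "Resource": "arn:aws:ec2:us-east-1:*:instance/*"
  }]
}
""")

# Constructed instance ARNs (account ID and instance ID are placeholders).
US_EAST = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
EU_WEST = "arn:aws:ec2:eu-west-1:111122223333:instance/i-0123456789abcdef0"


def as_list(value):
    """Policy fields may hold one item or a list of items."""
    return value if isinstance(value, list) else [value]


def statement_matches(stmt, action, resource):
    """True if both the action and the resource match the statement."""
    action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in as_list(stmt["Action"]))
    resource_hit = any(fnmatch.fnmatchcase(resource, r)
                       for r in as_list(stmt["Resource"]))
    return action_hit and resource_hit


def is_allowed(policies, action, resource):
    """Simplified evaluation: explicit Deny wins, then Allow, else implicit deny."""
    effects = {stmt["Effect"] for policy in policies
               for stmt in as_list(policy["Statement"])
               if statement_matches(stmt, action, resource)}
    return "Deny" not in effects and "Allow" in effects


if __name__ == "__main__":
    for arn in (US_EAST, EU_WEST):
        print(arn, is_allowed([POLICY], "ec2:StopInstances", arn))
    print("no policy attached:", is_allowed([], "ec2:StartInstances", US_EAST))
```

The policy grants no `ec2:DescribeInstances`, so an identity holding only this policy cannot list instances and must already know the instance IDs it acts on.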
This concludes the first part, in which we briefly covered AWS and the AWS Identity and Access Management service. In the next part, we will focus more on AWS compute services such as AWS EC2, AWS Lambda, etc. You can always reach out to me if you have any questions!
Adil Shehzad - DevOps Engineer - Strategic Systems International | LinkedIn
Adil is a DevOps Engineer, Microsoft Certified Trainer, GitHub Campus Expert, and Amazon Web Services Community…
Canva Presentation can be found on this page. Now you can move to Part 2 of this Introductory Session.