Time
3 hours 27 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:02
In this video,
00:04
we will discuss the concept
00:06
of IAM roles within AWS.
00:10
We will walk through creating an IAM role.
00:16
So
00:17
what is an IAM role?
00:22
An IAM role
00:24
is like a user
00:26
or an identity
00:28
that defines a set of permissions for making AWS service requests.
00:34
An IAM role isn't necessarily assigned to any particular user, group
00:40
or service,
00:42
but a role is readily assumable by trusted entities such as IAM users, applications
00:51
or AWS services like EC2.
00:56
An IAM role will not have user credentials associated with it.
01:00
However,
01:02
whoever assumes the role will be provided with dynamic,
01:06
meaning created on the fly, temporary credentials.
01:10
The easiest way for me to think about the concept of roles
01:14
is that of a substitute teacher.
01:17
The substitute teacher assumes the role of the teacher during the absence of the real teacher.
01:25
So
01:26
why would we ever use an IAM role?
01:30
An IAM role permits us to delegate access along with defined permissions to trusted entities without having to share long-term access keys. We can utilize IAM roles to delegate access to
01:47
services like EC2 instances
01:49
that need to access
01:52
other AWS services;
01:56
permitting users from different AWS accounts
01:59
access to resources in other AWS accounts
02:02
without having to create new users.
02:07
Integration with corporate authentication systems to reduce the need for their users to have to authenticate more than once
02:16
integration with external authentication networks such as Facebook and Google.
02:23
So how do we create a role?
02:25
We create a role in nearly the same way that we create an ordinary user.
02:30
We just name the role and then attach a policy to it.
02:35
Let's walk through creating a role.
02:38
We begin by typing IAM into the AWS Management Console to reach the IAM dashboard.
02:51
Then we click on Roles
02:55
in the Roles dashboard.
02:58
If I'm or explanations of roles,
03:01
let's click create role.
03:05
This brings us to the next screen,
03:07
where we can select the type of trusted entity that we want to use.
03:12
The AWS service is where we create roles to assign to services like EC2.
03:19
The next type of entity would be for a different AWS account.
03:23
Another department or third party.
03:28
Web identity
03:30
is for assigning a role to a login service such as Facebook
03:34
or a Google account.
03:38
SAML
03:38
or federation
03:40
would tie into your company's authentication system, such as LDAP.
03:46
For our course, we would just create a role for the EC2 service.
03:51
Let's click, create role
03:54
Select
03:55
EC2
03:57
and then click next
04:02
type
04:04
EC2 full access
04:06
in the Filter Policy bar to pull up the EC2 policy,
04:17
place a checkmark to select the policy.
04:21
Advance to the next screen where we can add tags.
04:26
We won't be adding any tags in this example, so just go to the next screen.
04:31
Next
04:32
we give the role a name.
04:34
I will just call it
04:36
the demo EC2 role.
04:46
Click Finished
04:48
and just that easily, we have created a new role for EC2 full access.
04:55
Let's click on it to explore some of its properties,
04:59
so
05:00
this role has full access to EC2.
05:03
we click trust relationships.
05:06
This is where we could view the trusted entities
05:10
that would be able to assume this role
05:14
tags are where we could place identifiable information
05:17
for the role to help us with tracking
05:20
what
05:21
or who is assuming it
05:25
the Access advisor will show us what permissions that we granted to the role
05:30
and when was the last time that the permissions were used?
05:33
This is handy if we ever need to perform a quick audit.
05:39
The Revoke Sessions tab
05:41
is where we can immediately revoke all sessions currently assuming the role.
05:46
This is like hitting the big red emergency button.
05:50
So
05:51
that will wrap up our exploration of what roles are
05:56
and we'll conclude our quick introduction to AWS Identity and Access Management.
06:04
What is an IAM role?
06:09
An IAM role is similar to a user. It's an identity with permission policies assigned to it.
06:15
The permissions define what AWS service requests that the role has authorization to execute.
06:21
Why would we ever use an IAM role?
06:27
An IAM role
06:29
will permit us to delegate access along with any defined permission
06:32
to trusted entities without having to share long-term access keys or create new user accounts.
06:41
How do we create a role?
06:44
We create a role in nearly the same way that we would for any ordinary user. We just name the role and then attach a policy to it.
06:55
In this video,
06:56
we discussed the concept of IAM roles within AWS
07:02
and we performed a walkthrough of creating an IAM role.

Instructed By

Shaun Balkum
Sr. Network Engineer at Presidio
Instructor