3.2 What is an IAM Role?

Time
3 hours 27 minutes
Difficulty
Beginner
CEU/CPE
4
Video Transcription
00:02
In this video,
00:04
we will discuss the concept
00:06
of IAM roles within AWS.
00:10
We will walk through creating an IAM role.
00:16
So
00:17
what is an IAM role?
00:22
An IAM role
00:24
is like a user
00:26
or an identity
00:28
that defines a set of permissions for making AWS service requests.
00:34
An IAM role isn't necessarily assigned to any particular user, group
00:40
or service,
00:42
but a role is readily assumable by trusted entities such as IAM users, applications,
00:51
or AWS services like EC2.
00:56
An IAM role will not have user credentials associated with it.
01:00
However,
01:02
whomever assumes the role will be provided with dynamic
01:06
meaning created on the fly temporary credentials.
01:10
The easiest way for me to think about the concept of roles
01:14
is that of a substitute teacher.
01:17
The substitute teacher assumes the role of the teacher during the absence of the real teacher.
01:25
So
01:26
why would we ever use an IAM role?
01:30
An IAM role permits us to delegate access along with defined permissions to trusted entities without having to share long-term access keys. We can utilize IAM roles to delegate access to
01:47
services like EC2 instances
01:49
that need to access
01:52
other AWS services;
01:56
permitting users from different AWS accounts
01:59
access to resources in other AWS accounts
02:02
without having to create new users.
02:07
Integration with corporate authentication systems to reduce the need for their users to have to authenticate more than once
02:16
integration with external authentication networks such as Facebook and Google.
02:23
So how do we create a role?
02:25
We create a role in nearly the same way that we create an ordinary user.
02:30
We just name the role and then attach a policy to it.
02:35
Let's walk through creating a role.
02:38
We begin by typing IAM into the AWS Management Console to reach the IAM dashboard.
02:51
Then we click on Roles
02:55
in the Roles dashboard.
02:58
If I'm or explanations of roles,
03:01
let's click create role.
03:05
This brings us to the next screen,
03:07
where we can select the type of trusted entity that we want to use.
03:12
The AWS service is where we create roles to assign to services like EC2.
03:19
The next type of entity would be for a different AWS account,
03:23
another department or third party.
03:28
Web identity
03:30
is for assigning a role to a login service such as Facebook
03:34
or a Google account.
03:38
SAML
03:38
or federation
03:40
would tie into your company's authentication system, such as LDAP.
03:46
For our course, we would just create a role for the EC2 service.
03:51
Let's click Create role.
03:54
Select
03:55
EC2
03:57
and then click next
04:02
type
04:04
EC2 full access
04:06
in the Filter Policy bar to pull up the EC2 policy.
04:17
place a checkmark to select the policy.
04:21
Advance to the next screen where we can add tags.
04:26
We won't be adding any tags in this example, so just go to the next screen.
04:31
Next
04:32
we give the role a name.
04:34
I will just call it
04:36
the demo EC2 role.
04:46
Click Finished
04:48
And just that easily, we have created a new role for EC2 full access.
04:55
Let's click on it to explore some of its properties,
04:59
so
05:00
this role has full access to EC2.
05:03
we click trust relationships.
05:06
This is where we could view the trusted entities
05:10
that would be able to assume this role
05:14
tags are where we could place identifiable information
05:17
for the role to help us with tracking
05:20
what
05:21
or who is assuming it
05:25
the Access advisor will show us what permissions that we granted to the role
05:30
and when was the last time that the permissions were used?
05:33
This is handy if we ever need to perform a quick audit.
05:39
The Revoke Sessions tab
05:41
is where we can immediately revoke all sessions currently assuming the role.
05:46
This is like hitting the big red emergency button.
05:50
So
05:51
that will wrap up our exploration of what roles are
05:56
and we'll conclude our quick introduction to AWS Identity and Access Management.
06:04
What is an IAM role?
06:09
An IAM role is similar to a user. It's an identity with permission policies assigned to it.
06:15
The permissions define what AWS service requests the role has authorization to execute.
06:21
Why would we ever use an IAM role?
06:27
An IAM role
06:29
will permit us to delegate access along with any defined permission
06:32
to trusted entities without having to share long-term access keys or create new user accounts.
06:41
How do we create a role?
06:44
We create a role in nearly the same way that we would for any ordinary user. We just name the role and then attach a policy to it.
06:55
In this video,
06:56
we discussed the concept of IAM roles within AWS
07:02
and we performed a walkthrough of creating an IAM role.