um, and interviews service needs to act on resources and your account and provided teachers.
Okay. Kind of the same concept. Users from a corporate directory who use Identity Federation with Sam. Also,
this makes sense to So, uh, you have, you know, Federated access through another directory service like, um,
like, active directory or something like that, Um, or with Samuel. And you're gonna sign a rule there. That way, the users from the Federated Accounts Management System, or I am system can access it. Abuse resource is that way. I am rules
issue keys that are valid for short durations, making them more secure way to grant access. So
lost documentation and epic use. There. You can set it up so that your cross account access and things like that and you can obviously create your rules. Here.
Here's a couple of rules that's are already pre configured, So it'll be a service rules for application in size rolls for conficker. Key thing to note rolls deals with the communication and the permissions between service is
and users and groups kind of Gilmore the human factor. So that's that's kind of how I like to separate it. I know Rolls does deal with humans and does deal with federation.
So as you get a little bit more complex, keep that in mind. But for the simple, you know, differentiating understanding rules help with, you know, service's and applications. Interacting with resource is and you're a devious account.
Policies are the basically the permissions and jace on that. Allow your users, your groups and your rules to do things and eight of us. And what I mean by that is, you know, we talked about the administrator access earlier.
This is your policy for admin access. If we want to review the Amazon, a P I Gateway invoked full access.
That's the policy for that. And that's basically it. You can write Thies. This is Jason. It's not that complicated for your developers. I'm sure it's definitely not complicated because you deal with this all the time. Um, but for those of you who come from or operations background, we don't have a lot of access to our I'm sorry. A lot of experience to Jason.
Um, this is very simple. You can look up a bunch of ways to read up on Jason, but I mean, even just looking at this is pretty simple to understand the effect it allows, it would say deny if that disgraceful way was denying it
the actions that you're allowing our to execute the AP, I you're invoking it and to execute a P I management connections. And the resource is, well, that's there. And you just, you know, this is
the star means all were everything. So it's allowing everything full access across the board. So
of you review, you know, all these different policies, there's some they're pre made for pretty much every service out here, and they're easy to dynamo. Um, if you just keep scrolling down and just, you know, just keeps
populating with more elastic Transcoder EMR cognito Just all kinds of stuff that you can really play around with and, you know, attach it to your projects and and and get it to work. You know, as far as rolls or users or whatever you can, you can attach these across the board
identity providers Not gonna go into that. Your count setting. Um,
yes. So you can see kind of like, uh, your security token service. You can see your password policies,
you know, here's the password policy that I put in place there.
You can change the password policy if you were to go here.
So these are things that I haven't placed for. My password policy obviously can enable password expiration. You can enhance the characters that are required for your minimum password laying things like that, um,
in credential report, which that just lost it down with that. So that's basically it for and I am overview. Hopefully, that was helpful. A ce faras getting a good understanding of what we're gonna be talking about in this course. I'm gonna go ahead and finish up this lecture and we'll dive into the next one. I'll see you in there.