CloudAcademy
  1. Home
  2. Content Library
  3. Amazon Web Services
  4. Courses
  5. Understanding of AWS Authentication, Authorization & Accounting

Introduction

The course is part of these learning paths

Security - Specialty Certification Preparation for AWS

course-steps 21 certification 1 lab-steps 11

Solutions Architect – Associate Certification Preparation for AWS - Feb 2018

course-steps 28 certification 6 lab-steps 23

Advanced Networking – Specialty Certification Preparation for AWS

course-steps 17 certification 1 lab-steps 6 quiz-steps 1

AWS Access & Key Management Security

course-steps 5 certification 1 lab-steps 2 quiz-steps 3

DevOps Engineer – Professional Certification Preparation for AWS

course-steps 16 certification 1 lab-steps 10 quiz-steps 2

Contents

keyboard_tab
Introduction
1
Introduction3m 14s
Definitions
2
Authentication, Authorization & Access Control7m 56s
Authentication, Authorization & Accounting
3
Authentication Mechanisms26m 25s
4
Authorization in AWS30m 36s
5
AWS Accounting14m 9s
Summary
6
Summary3m 20s
play-arrow
Start course
Overview
Transcript
DifficultyIntermediate
Duration1h 26m
Students1434

Description

Cloud Security is a huge topic, mainly because it has so many different areas of focus. This course focuses on three areas that are fundamental, AWS Authentication, Authorisation and Accounting.

These three topics can all be linked together and having an understanding of the different security controls from an authentication and authorization perspective can help you design the correct level of security for your infrastructure. Once an identity has been authenticated and is authorised to perform specific functions it's then important that this access can be tracked with regards to usage and resource consumption so that it can be audited, accounted and billed for.

The course will define and discuss each area, and iron out any confusions of meaning between various security terms. Some people are unaware of the differences between authentication, authorization and access control, this course will clearly explain the differences here allowing you to use the correct terms to describe your security solutions.

From an AWS authentication perspective, a number of different mechanisms are explained, such as Multi-Factor AWS Authentication (MFA), Federated Identity, Access Keys and Key Pairs. With the help of demonstrations, you can learn how to apply access keys to your AWS CLI for programmatic access and understand the differences between Linux and Windows authentication methods using AWS Key Pairs.

When we dive into understanding authorization we cover IAM Users, Groups, Roles and Policies, providing examples and demonstrations. Within this section, S3 authorization is also discussed, looking at access control lists (ACLs) and Bucket Policies. Moving on from S3, we look at network and instance level authorization with the help of Network Access Control Lists (NACLs) and Security Groups.

Finally, the Accounting section will guide you through the areas of Billing & Cost Management that you can use to help identify potential security threats. In addition to this, we explain how AWS CloudTrail can be used to track API calls to analyse what users are doing and when. This makes CloudTrail a strong tool in tracking, identifying and monitoring a user's actions within your AWS environment.

About the Author

Students33906
Labs1
Courses38
Learning paths13

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to more recently cloud architecture and implementation.

He is a Certified Data Centre Design Professional (CDCDP), with his latest achievements gained within the Amazon Web Services (AWS) field.

He currently holds the AWS Certified Solutions Architect - Associate certification as well as accreditations as an AWS Business and Technology Professional and in TCO and Cloud Economics.

In January 2016 Stuart was awarded 'Expert of the Year Award 2015' from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.