Understanding of AWS Authentication, Authorization & Accounting

Please note that this course has now been replaced with three new courses:

• The Difference Between Authentication, Authorization, and Access Control in AWS
• Authorization Controls in AWS
• AWS Authentication Mechanisms

 

Cloud Security is a huge topic, mainly because it has so many different areas of focus. This course focuses on three areas that are fundamental: AWS Authentication, Authorization, and Accounting.

These three topics can all be linked together and having an understanding of the different security controls from an authentication and authorization perspective can help you design the correct level of security for your infrastructure. Once an identity has been authenticated and is authorized to perform specific functions it's then important that this access can be tracked with regards to usage and resource consumption so that it can be audited, accounted, and billed for.

The course will define and discuss each area, and iron out any confusion of meaning between various security terms. Some people are unaware of the differences between authentication, authorization, and access control, this course will clearly explain the differences here allowing you to use the correct terms to describe your security solutions.

From an AWS authentication perspective, a number of different mechanisms are explained, such as Multi-Factor AWS Authentication (MFA), Federated Identity, Access Keys, and Key Pairs. With the help of demonstrations, you can learn how to apply access keys to your AWS CLI for programmatic access and understand the differences between Linux and Windows authentication methods using AWS Key Pairs.

When we dive into understanding authorization we cover IAM Users, Groups, Roles, and Policies, providing examples and demonstrations. Within this section, S3 authorization is also discussed, looking at access control lists (ACLs) and Bucket Policies. Moving on from S3, we look at network- and instance-level authorization with the help of Network Access Control Lists (NACLs) and Security Groups.

Finally, the Accounting section will guide you through the areas of Billing & Cost Management that you can use to help identify potential security threats. In addition to this, we explain how AWS CloudTrail can be used to track API calls to analyze what users are doing and when. This makes CloudTrail a strong tool in tracking, identifying, and monitoring a user's actions within your AWS environment.

Learning Objectives

• Obtain a strong grasp of the difference between authentication, authorization, access control, and accounting
• Understand various authentication mechanisms used in AWS such as MFA, Federated Identity, Access Keys, and Key Pairs
• Learn about IAM Users, Groups, Roles, and Policies and how they tie into authorization in AWS
• Learn about billing and cost management, and how to use it to identify potential security threats
• Understand how AWS CloudTrail can be used to track, identify, and monitor users' actions within AWS

Intended Audience

This course has been created for anyone with an interest in cloud security, and/or who may hold a position of cloud solutions architect, cloud security specialist, or similar.

Prerequisites

To get the most out of this course, you should have a basic understanding of identity and access management (IAM), Amazon EC2, Amazon S3 storage, networking fundamentals, and the virtual private cloud service.