Hello and welcome to the final lecture of this course which will summarize the key points taken from the previous lectures.  

I began this course by explaining the difference between Authentication and Authorization, and during this lecture, I explained that

• Authentication consists of two parts of information. The first part defines who you are, such as your IAM user name, which has to be unique. The second part verifies that you are who you say you are in the first step, in this case by providing a password
• Authorization only takes place once an identity has been authenticated
• Authorization is the process in which a system you have authenticated to establishes what you can access and at what level. 
• Each identity can have a different level of authorized permissions associated with it
• So in a nutshell, Authentication identifies and verifies who you are. Authorization determines what an identity can access within a system once it has authenticated to it.

Next, I gave a high-level overview of some of the IAM controls which play a big part in access control, not just for Amazon Databases, but across the board within your AWS account.

In this lecture we learned that:

• IAM Users are objects created to represent an identity. 
• They can have AWS Management Console or programmatic access via the AWS CLI
• Permissions can be assigned to user objects granting access to resources
• IAM Groups are objects much like user objects, but they are not used in any authentication process. 
• They are used to authorize access to AWS resources, through the use of AWS Policies. 
• Groups are normally created that relate to a specific requirement or job role. 
• Users that are a member of a group inherit the permissions applied to the group
• IAM Roles allow users and other AWS services and applications to adopt a set of temporary IAM permissions to access AWS resources. 
• IAM Policies are used to assign permissions to users, groups, and roles and are written as JSON documents
• Each policy contains at least one statement with an Action, Effect, and Resource parameters
• Policies can be Managed or Inline
• Managed policies can be AWS Managed, AWS Managed - Job Function or Customer Managed

Next, we started looking at Amazon RDS and the different authentication that could be used.  During this lecture I explained that: 

• There are a number of different ways that you can authenticate yourself to RDS, including IAM database authentication, using password authentication, or by using Kerberos authentication
• IAM database authentication can be used with MySQL, PostgreSQL, and Aurora database engines
• It uses an authentication token instead of a password to connect your database resource.
• IAM database authentication is not the default authentication option 
• It can be enabled or disabled
• The authentication token only lasts for 15 minutes before a new one is generated. 
• You can centralize access control within IAM instead of across multiple different database instances 
• IAM Database Authentication is not available on ALL versions of the DB engine types
• Password Authentication is supported by all database engines and is the default method of authenticating to your database instances.  
• Your database instance that manages the security of your user accounts 
• Password Authentication integrates with AWS Secrets Manager
• Password and Kerberos Authentication works with Microsoft active directory and is supported by MySQL, PostgreSQL, Aurora PostgreSQL, and Oracle DB engines.
• Kerberos is a network authentication technology that is used by Microsoft and is often used for single-sign on (SSO) implementations and authenticates users to network resources
• Using credentials stored in Active Directory, you can authenticate through AD or by using credentials that are stored in AWS Directory Service for MS AD.  

In the last lecture, I then looked at how authentication is managed with Amazon DynamoDB.  Here I covered the following points:

• Amazon DynamoDB authenticates you through IAM permissions to access its resources
• DynamoDB only supports identity-based policies
• DynamoDB has 3 main resources, Tables, Indexes and Streams
• Compared to Amazon RDS, the authentication options are much simpler with DynamoDB, it is purely based upon AWS IAM Identity-based policies. 

That now brings me to the end of this lecture and to the end of this course, and so you should now have a greater understanding of the different authentication and access control methods that can be used when accessing Amazon RDS and DynamoDB databases.

Feedback on our courses here at Cloud Academy is valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you could contact support@cloudacademy.com.

Thank you for your time and good luck with your continued learning of cloud computing. Thank you.