AWS Database Authentication & Access Controls
The course is part of these learning paths
This course covers the different options available to you to enable you to authenticate to your Amazon RDS and Amazon DynamoDB Databases. You'll learn about the difference between authentication and authorization, as well as Identity and Access Management, and how to authenticate to Amazon RDS, and DynamoDB.
If you have any feedback relating to this course, feel free to contact us at firstname.lastname@example.org.
- Define the differences between authentication and authorization
- Understand the key components of IAM used for access control and authentication
- Learn the authentication methods used to access RDS databases across different DB engines
- Learn the authentication controls of Amazon DynamoDB
This course has been designed to assist those who are responsible for securing, designing, and operating AWS Database solutions. It is also ideal for anyone who is looking to take the AWS Certified Database - Specialty exam.
To get the most out of this course, you should have a basic awareness of AWS database services, in addition to AWS Identity & Access Management.
Hello and welcome to this lecture, and before we get into the meat of the course which focuses on access control elements surrounding AWS databases, I feel it’s important we have a grasp of Authentication and Authorization.
When talking about security, I find that there is always a lot of confusion around the definition and meaning of the words authentication, authorization, and access control. Many people believe they all mean the same thing with no clear distinction between them. This is, however, untrue, and as a result, people often use the wrong term to describe their security mechanisms. In this lecture I want to cover each of these to help you understand the differences. It's important to know these differences in order to control access to your cloud resources effectively and with the appropriate level of security.
The authentication process consists of two parts of information. The first part of this process is to define who you are, effectively presenting your identity. An example of this would be your IAM user name to your AWS account.
This identification is a unique value within the system that you are trying to authenticate to and in this example, AWS would not allow two identical user accounts to be created within this same single AWS account. If you did try you would get this error message.
The second part of the authentication process is to verify that you are who you say you are in the first step. This is achieved by providing additional information which should be kept private and secret for security purposes. However, this private information does not have to be a unique value within the system. So in the example I just gave whereby you provide your identity in the form of a username to your AWS account, which will be a unique value, the next step would be to verify that identity by providing a password.
Putting AWS and the cloud to one side for a moment, usernames and passwords are not the only forms of authentication for an identity and verification process. In our everyday lives, we are presented with multiple forms of authentication methods. For example, credit and debit cards and pin numbers. So, when we use these to pay for something we authenticate to our banks. In this process we first identify ourselves by providing the credit card details with our personal information on it and then verify this identification by entering a private, secret pin number. This combination then allows us to authenticate to our banks. Authentication is not just for verifying human access to systems. Authentication takes place by systems that require access to other systems. For example, one AWS service that requires access to another to perform a function. In this instance, the same authentication principles and process is followed. Identity first, and then verification of that identity.
Now that we have a clear definition of authentication, let's take a look at authorization and see how authentication and authorization differ from each other.
Authorization only takes place once an identity has been authenticated, so there is a clear order in which these two operate. Authentication takes place before the correct level of authorization can be attained. Authorization is the process in which a system you have authenticated to establishes what you can access and at what level.
So here, we are really looking at your access privileges and permissions. Staying with an AWS example, we have authenticated ourselves by providing the correct identity and password. Now AWS security features, and in this case, AWS IAM, identity and access management service, defines the level of authorized access assigned to that identity within the AWS account.
Each identity can have a different level of authorized permissions associated with it. It's these permissions that determine what that identity can then access.
There is a clear distinction between authentication and authorization. Authentication identifies and verifies who you are. Authorization determines what an identity can access within a system once it has authenticated to it.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.