Explore Security, Identity, and Logging Services on AWS and Their Features
TABLE OF CONTENTS
1. Introduction2. Identity and Access Management (IAM). IAM4’s Top Features IAM Internals 5. AWS CloudTrail6. AWS Shield7. AWS WAF8. Conclusion 9. Conclusion 9. Introduction
In my previous blog, I discussed security issues of applications and networks for your infrastructure. Also, steps to implement AWS services in order to achieve the desired goal. Today we will explore the top features and benefits of all these services.
2. Identity and Access Management (IAM).
We will create an AWS Account for the first time by creating an AWS account root user. This root user has full access all AWS resources and services. You can access this root user by logging in with your email address and password when you create an AWS account. It is best to not use the AWS root user for any of our daily tasks, including administrative functions. Instead, we follow the best practice of only using a root user to create our first IAM account.
3. IAM’s Top Features
IAM offers the following features:
Access to your AWS account via shared access
We can grant access permissions to other people to use and administer our AWS account resources without sharing our password or access key.
You can give different permission levels to different people to access different resources. We can give some users permission to access the Elastic Compute Cloud (Amazon EC2) and Amazon Virtual Private Clouds (Amazon VPC), Simple Storage Service(Amazon S3), as well as other AWS services. We can grant access to Amazon VPC to some users, allow them to access billing information, and give permission to access EC2 instances.
Access to applications that run on Amazon EC2 is secured
AWS IAM features can be used to securely provide credentials for applications on EC2 instances. These credentials can be used to grant permissions to our application to access other AWS resources and services, such as DynamoDB tables or S3 buckets.
Multi-factor authentication (MFA)
Two-factor authentication can be added to your AWS account and individual users to increase security. MFA enabled requires that you or your users provide a password, access key, or code from the MFA device to log in to your AWS Account.
Federation of identity
This feature allows users with passwords to be able to temporarily access our AWS account in another network or internet identity provider.
Use it free of charge
AWS Security Token Service, (AWS STS), and AWS Identity and Access Management are AWS account features that come with no additional charges. We will not be charged for using other AWS services that we have IAM users.
4. IAM Internals
IAM is responsible below mentioned two processes
Authentication — Are you the right user?
Authorization — Are you allowed to perform these actions?
IAM offers many internal items:
Users are entities that have the console login and password as well as API key or secrets and other security credentials.
Groups –IAM Groups can be used to manage permissions for multiple entities.
Roles — While the IAM group can grant permissions to users’, IAM Roles can manage permissions for entities such as Lambda functions and EC2 instances.
Policies are a set or permissions that are assigned to users, groups, or roles.
An AWS user can be described as an account within another account. As the account owner, we can create new users who can access different AWS resources such as EC2 and S3, or ELB. We can also assign access policies to the account, generate passwords, and secure credentials. Once we have sent login details to our team members they will be able to begin work.
Protecting our Root User Account
It is highly recommended that you lock down your root AWS account and use it regularly.