BCSE355 AWS Session3

The document outlines the AWS Shared Responsibility Model, emphasizing the division of security responsibilities between AWS and its customers. It details AWS Identity and Access Management (IAM) components, including user access control, policies, and best practices for secure account management. Additionally, it highlights the importance of understanding service characteristics such as IaaS and PaaS in relation to security responsibilities.

AWS Cloud Foundations & IAM

AWS Shared Responsibility Model

AWS Identity and Access Management (IAM)
Roadmap

• AWS Shared Responsibility Model
• AWS Identity and Access Management (IAM)
• IAM Users, Groups, and Policies
• IAM Roles
• IAM Best Practices

02/05/2025 BCSE355_AWS 2
AWS Shared Responsibility Model

• Security and compliance are a shared responsibility between AWS and the customer.

AWS Shared Responsibility Model

• Inherited Controls – Controls that a customer fully inherits from AWS.
  • Physical and Environmental controls
• Shared Controls – Controls that apply to both the infrastructure layer and customer layers, but in separate contexts or perspectives.
  • Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest operating system and applications.
  • Configuration Management – AWS maintains the configuration of its infrastructure devices, but customers are responsible for configuring their own guest operating systems, databases, and applications.
  • Awareness and Training – AWS trains AWS employees, but customers must train their own employees.
• Customer Specific – Controls that are solely the responsibility of the customer based on the application they are deploying within AWS services.
  • Service and Communications Protection or Zone Security, which might require a customer to route or zone data within specific security environments.

AWS responsibility: Security of the cloud

Customer responsibility: Security in the cloud

Service characteristics and security responsibility
• Infrastructure as a service (IaaS) refers to services that provide basic building blocks for cloud IT, typically including access to configure networking, computers (virtual or on dedicated hardware), and data storage space.
• Cloud services that can be characterized as IaaS provide the customer with the highest level of flexibility and management control over IT resources.
• IaaS services are most similar to existing on-premises computing resources that many IT departments are familiar with today.
• Amazon EC2 can be categorized as IaaS and thus requires the customer to perform all necessary security configuration and management tasks.
• Customers who deploy EC2 instances are responsible for managing the guest operating system (including updates and security patches), any application software that is installed on the instances, and the configuration of the security groups that were provided by AWS.
• Platform as a service (PaaS) refers to services that remove the need for the customer to manage the underlying infrastructure (hardware, operating systems, etc.).
• PaaS services enable the customer to focus entirely on deploying and managing applications.
• Customers don’t need to worry about resource procurement, capacity planning, software maintenance, or patching.
• AWS Lambda and Amazon RDS can be categorized as PaaS because AWS operates the infrastructure layer, the operating system, and platforms.

Service characteristics
and security responsibility

AWS Trusted Advisor
• Analyses your AWS environment and provides real-time guidance and recommendations to help you provision your resources by following AWS best practices.
• Offered as part of your AWS Support plan.
• Business Support and Enterprise Support customers have access to the full set of Trusted Advisor checks and recommendations.

AWS Shield
• Managed distributed denial of service (DDoS) protection service that safeguards applications running on AWS.

Amazon Chime
• Meet, chat, and place business calls inside and outside your organization, all using a single application.
Activity – 1

Activity – 2
AWS Identity and Access Management (IAM)

• IAM allows you to control access to compute, storage, database, and application services in the AWS Cloud.
• Centrally manages access to launching, configuring, managing, and terminating resources in your AWS account:
  1. Who can access the resource
  2. Which resources can be accessed and what the user can do to the resource
  3. How resources can be accessed
• IAM is a no-cost feature of your AWS account.

IAM: Essential components
Authenticate as an IAM user to gain access

• When you define an IAM user, you select what types of access the user

Authorization: What actions are permitted

IAM: Authorization

IAM policies
Identity-based policies can be further categorized as:

• Managed policies – Standalone identity-based policies that you can attach to multiple users, groups, and roles in your AWS account.
• Inline policies – Policies that you create and manage, and that are embedded directly into a single user, group, or role.
IAM groups

IAM roles
Best practice recommendations

• Secure logins with multifactor authentication (MFA).
• Delete account root user access keys.
• Create individual IAM users and grant permissions according to the principle of least privilege.
• Use groups to assign permissions to IAM users.
• Configure a strong password policy.
• Delegate using roles instead of sharing credentials.
• Monitor account activity using AWS CloudTrail.
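As an added example (not code from the slides or from AWS), the audit below checks a snapshot of an account's IAM state against the recommendations in this list: root access keys, MFA on root and on every user, a CloudTrail trail, password policy strength, and permissions granted through groups rather than attached directly to users. The snapshot layout, the user names, the password-policy thresholds and the finding codes are assumptions made for this illustration; in practice the same snapshot would be filled from the IAM API (account summary, credential report, password policy).

```python
"""Audit a constructed IAM account snapshot against best-practice checks (added example)."""

# Assumed thresholds for a "strong" password policy (not values from the slides).
PASSWORD_MIN_LENGTH = 14
PASSWORD_REQUIRED_FLAGS = ("require_symbols", "require_numbers",
                           "require_uppercase", "require_lowercase")

# Constructed snapshot of an account that violates several recommendations.
WEAK_ACCOUNT = {
    "root": {"access_key_count": 1, "mfa_enabled": False},
    "cloudtrail_enabled": False,
    "password_policy": {"minimum_length": 8, "require_symbols": False,
                        "require_numbers": True, "require_uppercase": True,
                        "require_lowercase": True},
    "users": [
        {"name": "alice", "mfa_enabled": True, "groups": ["Developers"],
         "attached_policies": []},
        {"name": "bob", "mfa_enabled": False, "groups": [],
         "attached_policies": ["AdministratorAccess"]},
    ],
}

# Constructed snapshot of the same account after remediation.
HARDENED_ACCOUNT = {
    "root": {"access_key_count": 0, "mfa_enabled": True},
    "cloudtrail_enabled": True,
    "password_policy": {"minimum_length": 14, "require_symbols": True,
                        "require_numbers": True, "require_uppercase": True,
                        "require_lowercase": True},
    "users": [
        {"name": "alice", "mfa_enabled": True, "groups": ["Developers"],
         "attached_policies": []},
        {"name": "bob", "mfa_enabled": True, "groups": ["Administrators"],
         "attached_policies": []},
    ],
}


def audit(account):
    """Return a list of (finding_code, subject) tuples; an empty list means every check passed."""
    findings = []

    root = account["root"]
    if root["access_key_count"] > 0:            # "Delete account root user access keys"
        findings.append(("ROOT_ACCESS_KEYS_PRESENT", "root"))
    if not root["mfa_enabled"]:                 # "Secure logins with MFA"
        findings.append(("ROOT_MFA_DISABLED", "root"))

    if not account.get("cloudtrail_enabled"):   # "Monitor account activity using CloudTrail"
        findings.append(("CLOUDTRAIL_DISABLED", "account"))

    policy = account.get("password_policy") or {}   # "Configure a strong password policy"
    if policy.get("minimum_length", 0) < PASSWORD_MIN_LENGTH:
        findings.append(("WEAK_PASSWORD_POLICY", "minimum_length"))
    for flag in PASSWORD_REQUIRED_FLAGS:
        if not policy.get(flag, False):
            findings.append(("WEAK_PASSWORD_POLICY", flag))

    for user in account["users"]:
        if not user["mfa_enabled"]:
            findings.append(("USER_MFA_DISABLED", user["name"]))
        if user["attached_policies"]:           # "Use groups to assign permissions"
            findings.append(("DIRECT_POLICY_ATTACHMENT", user["name"]))
    return findings


if __name__ == "__main__":
    for code, subject in audit(WEAK_ACCOUNT):
        print(f"{code:26} {subject}")
    print("hardened account findings:", audit(HARDENED_ACCOUNT))
```

Each finding maps back to one bullet in the list, so the output doubles as a remediation checklist; the hardened snapshot shows what the account looks like once every finding is closed.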

AWS Services/Components

• AWS CloudTrail
  • CloudTrail tracks user activity on your account.
  • Logs all API requests to resources in all supported services in your account.
• Billing reports
  • Provide information about your use of AWS resources and estimated costs for that use.
• AWS Cost and Usage Report
  • Tracks your AWS usage and provides estimated charges associated with your AWS account, either by the hour or by the day.
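Since CloudTrail records every API request, it is the natural data source for the "monitor account activity" best practice. The following added example (not code from the slides or from AWS) runs three simple detection rules over constructed CloudTrail events: any API activity by the root user, a successful console sign-in without MFA, and creation of an access key for the root user. The events follow the CloudTrail record layout (eventName, eventSource, userIdentity, additionalEventData, responseElements); the account ID, user name, IP addresses and rule names are placeholders chosen for this illustration.

```python
"""Detection rules over constructed CloudTrail events (added example)."""
import json
from collections import Counter

# Constructed sample events; 111122223333 is a placeholder account ID.
SAMPLE_EVENTS = json.loads("""[
  {"eventTime": "2025-05-02T09:14:03Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
   "additionalEventData": {"MFAUsed": "No"},
   "responseElements": {"ConsoleLogin": "Success"}},
  {"eventTime": "2025-05-02T09:15:40Z", "eventSource": "iam.amazonaws.com",
   "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
  {"eventTime": "2025-05-02T10:02:11Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
   "userIdentity": {"type": "IAMUser", "userName": "alice",
                    "arn": "arn:aws:iam::111122223333:user/alice"},
   "additionalEventData": {"MFAUsed": "Yes"},
   "responseElements": {"ConsoleLogin": "Success"}},
  {"eventTime": "2025-05-02T10:05:52Z", "eventSource": "s3.amazonaws.com",
   "eventName": "GetObject", "sourceIPAddress": "203.0.113.9",
   "userIdentity": {"type": "IAMUser", "userName": "alice",
                    "arn": "arn:aws:iam::111122223333:user/alice"}}
]""")


def _principal(event):
    """Human-readable identity: user name if present, else the ARN, else the type."""
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def detect(events):
    """Return a list of (rule, eventName, principal, eventTime) alerts."""
    alerts = []
    for ev in events:
        ident = ev.get("userIdentity", {})
        name = ev.get("eventName")
        when = ev.get("eventTime")

        # Rule 1: the root user should not be used for day-to-day activity.
        if ident.get("type") == "Root":
            alerts.append(("ROOT_ACTIVITY", name, _principal(ev), when))

        # Rule 2: successful console sign-in without MFA, for any principal.
        if (name == "ConsoleLogin"
                and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and ev.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            alerts.append(("CONSOLE_LOGIN_WITHOUT_MFA", name, _principal(ev), when))

        # Rule 3: an access key was created for the root user.
        if name == "CreateAccessKey" and ident.get("type") == "Root":
            alerts.append(("ROOT_ACCESS_KEY_CREATED", name, _principal(ev), when))
    return alerts


def summarize(alerts):
    """Count alerts per rule, e.g. for a daily report."""
    return dict(Counter(rule for rule, _, _, _ in alerts))


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(summarize(found))
```

Alice's MFA-backed sign-in and her ordinary S3 call produce no alerts, while the two root-user events produce four: root activity twice, one console login without MFA, and one root access key creation.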

Review Question - 1

• Which task is the customer’s responsibility, according to the AWS shared responsibility model?
A. Maintain the security of the AWS Cloud.
B. Configure firewalls and networks.
C. Patch the operating system of Amazon RDS instances.
D. Implement physical and environmental controls.
Review Question – 2

• Which option is a shared responsibility between AWS and its customers under the AWS shared responsibility model?
1. Configuration of Amazon EC2 instance operating systems
2. Application file system server-side encryption
3. Patch management
4. Security of the physical infrastructure