AWS IAM Overview - It’s Surprisingly Simple

AWS IAM Overview - It’s Surprisingly Simple - Users vs Roles

Рет қаралды 5,546

Күн бұрын

❗️ In this video, we’ll finally clarify IAM. Specifically when to use Users vs Roles. This is a confusing topic for many people but with the visuals and examples I’ll share, you’ll realize it’s surprisingly simple.
🧠 IAM is broken into four parts. Users, Groups, Roles, and Policies. It’s confusing at first, but it will all make sense after you watch the video!
---
TIMESTAMPS:
0:00 Intro
0:17 Why Do We Need IAM?
1:00 How Does IAM Work?
2:58 Users Vs. Roles
4:10 One Caveat
5:25 Decision Chart
5:36 Groups
6:22 Now You Try
6:51 Conclusion
---
WHO AM I: I'm Dylan, a Cloud Engineer living in Oregon. I use my background in tech to make videos about technology that enables and grows businesses.
---
🌍 My website / blog -
dylanalbertazzi.com/

Пікірлер: 30

@lazyturtlehostel9397 Жыл бұрын

informative video but background music is annoying and disctracting

@touavang34 7 ай бұрын

I actually enjoyed the music and I definitely enjoy the visuals. Answer to your question is: Set up an temp IAM role and give permissions in what is needing done only, with some sort of trust policy.

@shreyjoshi8253 11 ай бұрын

Perfect explanation, thank you!!

@user-jf1mz2ds6b 4 ай бұрын

short and simple. very informative. Thanks

@kyleebowers6881 Жыл бұрын

Great explanation! Thank you!!!

@dylanalbertazzi Жыл бұрын

Glad it was helpful!

@AWriterWandering 2 жыл бұрын

Thank you so much my fellow Dylan!

@dylanalbertazzi 2 жыл бұрын

You are so welcome!

@nunuminu313 Жыл бұрын

Great explanation.. Ty!

@amanuelyohannes7151 Жыл бұрын

Good job! one thing though I couldn't get 1 Role to be assumed by multiple users. I tried to add principal (user ARN) in the Trust Policy but I keep getting error. Can I add another user ARN to this { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111111111111:user/John" }, "Action": "sts:AssumeRole" } ] } Thank you.

@YS-zk4wz 25 күн бұрын

omg that music what was he thinking

@rakeshmehra6321 2 жыл бұрын

Thanks for the video. Great explanation. So, If I want to give temporary access to someone, I create user account for him(if not existed already) and assign him a role. Once he's done, I'd unassign the role and even delete the user. Am I right? But why not create the user and add policies to give him access and once he is done, remove policies?

@dylanalbertazzi 2 жыл бұрын

Really depends on what you mean by temporary... a couple hours vs a few months is diifferent. For a few months... Make a user and attach a policy :) Then delete the user.

@rakeshmehra6321 2 жыл бұрын

@@dylanalbertazzi Thanks!

@nope8605 Жыл бұрын

same my question , that's great.

@vikasdfghjlYT 5 ай бұрын

great question.

@matthewdraevich4214 Жыл бұрын

great explanation, but background music seems to be too loud

@jinghuiniu7335 3 жыл бұрын

Roles are only for AWS internal resources, right? For external applications making AWS api calls, they still need a user, and an access key, correct?

@dylanalbertazzi 3 жыл бұрын

Yes, exactly, Roles are only for AWS internal resources🚀 Depending on how you set up your api you will only need an access key. If you are talking about external users (not developers but users of the app)... Normally you would use something like cognito to handle auth for external users. You make a cognito user pool and connect it to the sign up form on your app. Then you give users within the pool access to the api. This article explains it in depth. medium.com/swlh/how-to-protect-apis-using-amazon-cognito-user-pool-723c471a3468. I wouldn't actually follow this article, it's just for getting an idea of what's going on behind the hood. Amplify makes auth much simpler aws.amazon.com/amplify/authentication/ Hope this helps😛