Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 04_ocred.pdf


Full Transcript


Certified Cybersecurity Technician
Virtualization and Cloud Computing
Exam 212-82

AWS IAM: Create Individual IAM Users

- Do not allow a user to use the root user account; instead, create individual user accounts for accessing AWS services
- Provide a unique set of security credentials and appropriate permissions to the IAM users
- This will help in changing or revoking the permissions of IAM users as required

[Screenshot: IAM Management Console, Users page]

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Create Individual IAM Users

It is recommended to avoid using the AWS root user account to access AWS. Instead, individual user accounts should be created for accessing AWS. Accordingly, a user should create an IAM user for themselves and enable it with administrative permissions; this account should be used for all operations. Each IAM user should be provided with a unique set of security credentials and different permissions. The IAM user permissions should be changed or revoked if required.

Steps to create a new IAM user:

- Select Users from the Identity and Access Management (IAM) section and click Add user to create a new user.

Figure 10.42: Add a User

- In the User name field, provide any name (here, Alice).
- For Access type, provide AWS Management Console access to Alice under the Select AWS access type section. Select the Custom password radio button and enter a password in the Password field. The Require password reset tab is optional; however, enable this setting. Then, click on Next Permission.

Figure 10.43: Set Console Password for User Alice

- Under the Set permissions section, the Add user to group option is selected by default. Check the newly created group (here, Training_Group); this will add the user to the group. Then, click on Next: Tags.

Figure 10.44: Add a User to Group

- Tags are optional; however, tagging helps in searching for Tag keys easily in the future. Specify Department as Tag Key and Key-Value as Training. Click Next: Review to review IAM User creation.
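An added example, not part of the original course text: a Python check over an IAM credential report that flags root account use, which the text above says to avoid, and IAM users whose administrator-set console password has never been used to sign in. The report sample is constructed and carries only a subset of the real report's columns; the finding names and the 90-day window are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of the columns of an IAM credential
# report (aws iam get-credential-report); account ID and dates are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-28T09:14:00+00:00,true,2024-05-30T11:02:00+00:00,false,N/A
Alice,arn:aws:iam::111122223333:user/Alice,true,2024-05-31T08:00:00+00:00,false,N/A,false,N/A
Bob,arn:aws:iam::111122223333:user/Bob,true,no_information,false,N/A,false,N/A
"""

NO_DATE = {"", "N/A", "no_information", "not_supported"}


def parse_ts(value):
    """Return an aware datetime, or None for the report's no-date markers."""
    if value in NO_DATE:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit(report_csv, now, recent_days=90):
    """Return (user, finding) pairs for root use and unused initial passwords."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        keys = ("access_key_1", "access_key_2")
        if user == "<root_account>":
            # Root should hold no access keys and should not be used day to day.
            if any(row[f"{k}_active"] == "true" for k in keys):
                findings.append((user, "root_access_key_active"))
            used = [parse_ts(row["password_last_used"])]
            used += [parse_ts(row[f"{k}_last_used_date"]) for k in keys]
            last = max((t for t in used if t), default=None)
            if last and (now - last).days <= recent_days:
                findings.append((user, "root_recently_used"))
        elif row["password_enabled"] == "true" and not parse_ts(row["password_last_used"]):
            # Console password set by the administrator but never used to sign in.
            findings.append((user, "initial_password_unused"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(user, finding)
```
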
