Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 05_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
null
Tags
Related
- Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 03_ocred.pdf
- Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 04_ocred.pdf
- Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 06_ocred.pdf
- Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 07_ocred.pdf
- Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 04_ocred_fax_ocred.pdf
- Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 10_ocred_fax_ocred.pdf
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Virtualization and Cloud Computing AWS IAM: Use Groups to Assign Permissions to IAM Users...
Certified Cybersecurity Technician Exam 212-82 Virtualization and Cloud Computing AWS IAM: Use Groups to Assign Permissions to IAM Users O Create groups and assign appropriate permissions to reduce for organizations with large number of users O Create groups with similar job functions Advantages:. Assigning and reassigning rights to groups is easy and less time consuming Mansgument Managemaent (AM) Identity and Access Managemaent (IAM) (LAM). SR v o - — —cjeje Oasrioard Oasteoard o Aciens st oo N 3 Users e Il Polcy Policy Creaticn Teee Creation Teme 88 Reduces accidental assignment of greater oo - privileges to users AWS IAM: Use Groups to Assign Permissions to IAM Users Granting permissions to each IAM user can be a difficult task. Therefore, create groups and define specific rights and permissions for each group. Add IAM user accounts to these groups based on their job functions. This can help in modifying the IAM users of a specific group at one spot and reduce the access management complexity for organizations with numerous users and the accidental assignment of higher privilege to users. It is easy and less time-consuming to assign and reassign rights to groups. If the role of a user is changed, the IAM user account can be transferred to the new group. Module 10 Page 1357 EG-Council Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Virtualization and Cloud Computing = Click on Groups in the left pane under Identity and Access Management (IAM). %¥ 1AM Management 1AM Management Console Console XX ++ -- == S2 &“— C @ consoleaws.amazon.com/iam/home?region=us-east-2¢/home console.aws.amazon.com/iam/home?region=us-east-2¢/home o~ o % O 6 aws Services v Resource Resource Groups v+ * Ja\ JA\ v Global v Support v Identity and Access i. Management (IAM) Management (IAM) « Welcome to Identity and Access Management Feature Spotlight Feature Spotlight 1AM users sign-in link m L =N = Dashboard Dashboard https://344399937603.5ignin.aws.amazon.com/console https://344399937603.signin.aws.amazon.com/console || C n @ Customize Gl{ Ii I { +- Access management H | \ IAM Resources Groups Users Users: 0 Roles: 2 P Roles Groups: 00 Groups: Identity Providers: Identity ’ Providers: \ 00 < o[} >> Policles Polcies t' Customer r Managed Pol Po Policies: Policies: 0 - Additional Identity providers Security Status - [e=i 1outof5 1outof 5 Information R Account settings complet complete plete IAM best practices Delete your root access keys v 1AM IAM documentation v~ Access Access reports reports Web Identity Federation Access analvzer analyzer A\ Activate MFA on your root account vN Playground BN Archive — rules A\ A Create Create individual individual IAM IAM users users vv AR Policy —— Simulator Analyzer Analyzer details detalls Videos, IAM release A Use groups to assign permissions vN history and additional Credential report resources A Apply an IAM 1AM password policy v Organization activity Service control Service control policies policies (SCPs) (SCPs) ikS Figure 10.48: Click Groups in Dashboard = (Click on Create New Group. iq = X '$ 1AM Management Console IAM X + & o= > €& C 8@ console.aws.amazon.com/iam/home?region=us-east-2#/groups o 1r 6 e aws Services v Resource Groups ~v * Ja\ Q v Global v+ Support Support v Identity and Access Create New Group Group Actions ~ |6 c|l0 | @|0 Management (IAM) h< Showing 0 resuits results Dashboard v» Access management [) I:) Group Name ¢2 Users Inline Policy Creation Time %¢ Groups No records found Users Roles Policies Identity providers Account settings v Access reports Figure 10.49: Click “Create New Group” Button Module 10 Page 1358 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Virtualization and Cloud Computing = Under the Set Group Name section, type the group name in the Group Name field (here, Training_Group) and click on Next Step. 14M 1AM Management Management Console X e + (¢ C @# console.aws.amazon.com/iam/home?region=us-east-2#/groups g e e aws Services Services v Resource Groups Resource v * Q vv Global Global vv+ Support Support v~ Create New Group Set Group Name Set Group Name Wizard Specify a group name. Group names can be edited any time. Step 1 1: Group Name Step Group Name: [Tuainung__(sloupl ['Iralmng,_Gloup{ ] ) © Attach Policy Exampla Developers Example’ Developers oror ProjectAlpha ProjectAlpha Qten 1J *| KEVIEW Review Maximum 128 character character SIEP
