We will discuss the concept
of IAM roles within AWS.
We will walk through creating an IAM role.
What is an IAM role?
that defines a set of permissions for making AWS service requests.
An IAM role isn't necessarily assigned to any particular user group,
but a role is readily assumable by trusted entities such as IAM users, applications,
or AWS services like EC2.
An IAM role will not have user credentials associated with it.
Whoever assumes the role will be provided with dynamic,
meaning created on the fly, temporary credentials.
The easiest way for me to think about the concept of roles
is that of a substitute teacher.
The substitute teacher assumes the role of the teacher during the absence of the real teacher.
Why would we ever use an IAM role?
An IAM role permits us to delegate access along with defined permissions to trusted entities without having to share long-term access keys. We can utilize IAM roles to delegate access to
services like EC2 instances,
permitting users from different AWS accounts
access to resources in other AWS accounts
without having to create new users,
integration with corporate authentication systems to reduce the need for their users to have to authenticate more than once,
integration with external authentication networks such as Facebook and Google.
So how do we create a role?
We create a role in nearly the same way that we create an ordinary user.
We just name the role and then attach a policy to it.
Let's walk through creating a role.
We begin by typing IAM into the AWS Management Console to reach the IAM dashboard.
Then we click on Roles.
In the Roles dashboard,
we find more explanations of roles.
Let's click Create role.
This brings us to the next screen,
where we can select the type of trusted entity that we want to use.
AWS service is where we create roles to assign to services like EC2.
The next type of entity would be for a different AWS account,
another department or third party.
is for assigning a role to a login service such as Facebook
or a Google account.
would tie into your company's authentication system, such as LDAP.
For our course, we would just create a role for the EC2 service.
Let's click Create role
in the Filter Policy bar to pull up the EC2 policy.
Place a checkmark to select the policy.
Advance to the next screen where we can add tags.
We won't be adding any tags in this example, so just go to the next screen.
We give the role a name,
the demo EC2 role,
and just that easily, we have created a new role for EC2 full access.
Let's click on it to explore some of its properties.
This role has full access to EC2.
We click Trust relationships.
This is where we could view the trusted entities
that would be able to assume this role.
Tags are where we could place identifiable information
for the role to help us with tracking
or who is assuming it.
The Access Advisor will show us what permissions we granted to the role
and when the permissions were last used.
This is handy if we ever need to perform a quick audit.
The Revoke sessions tab
is where we can immediately revoke all sessions currently assuming the role.
This is like hitting the big red emergency button.
That will wrap up our exploration of what roles are
and will conclude our quick introduction to AWS Identity and Access Management.
What is an IAM role?
An IAM role is similar to a user. It's an identity with permission policies assigned to it.
The permissions define what AWS service requests the role has authorization to execute.
Why would we ever use an IAM role? An IAM role
will permit us to delegate access along with any defined permission
to trusted entities without having to share long-term access keys or create new user accounts.
How do we create a role?
We create a role in nearly the same way that we would for any ordinary user. We just name the role and then attach a policy to it.
We discussed the concept of IAM roles within AWS
and we performed a walkthrough of creating an IAM role.
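
The Trust relationships tab from the walkthrough displays the role's trust policy, a JSON document naming who may assume the role. As an added example (not part of the original lesson), this Python code reads such a document and labels each trusted entity by the entity types the lesson describes; the sample policy, the placeholder account ID and the function names are constructed for illustration.

```python
import json

# Constructed sample: a trust policy letting the EC2 service assume the role,
# plus a second statement trusting another account (placeholder account ID).
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sts:AssumeRole"}
  ]
}
""")

def as_list(value):
    # Policy fields may hold a single item or a list of items.
    return value if isinstance(value, list) else [value]

def classify(kind, principal):
    # Map a Principal entry to the kind of trusted entity it represents.
    if principal == "*":
        return "any principal (wildcard)"
    if kind == "Service":
        return "AWS service"
    if kind == "AWS":
        return "AWS account or IAM identity"
    if kind == "Federated":
        saml = ":saml-provider/" in principal
        return "SAML provider" if saml else "web identity provider"
    return "unknown"

def trusted_entities(policy):
    # Return (principal, entity type) for every Allow statement.
    found = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            found.append(("*", classify("", "*")))
            continue
        for kind, values in principal.items():
            found.extend((p, classify(kind, p)) for p in as_list(values))
    return found
```

A wildcard entry in the result is the one to look at first during an audit, since it means the role is not limited to named trusted entities.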