I am trying to create a table from data loaded on s3. I am using glue. I already created IAM user. Then I created role with AmazonS3FullAccess and AWSGlueServiceRole. I also added policy to user according to your tutorial suing JSON { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::myaccountid:role/de-on-youtube-role-glue-s3" } } And Still when I try to create crawler I am not able it says Account (than my account Id) is denied access. Can you please advice? I am in base (trial version) trying to learn basics, so I do not have AWS support. Thank you!
Very good point showcasing that an IAM user has to have specific permissions just to assume a role. Not everybody explains this which is mandatory to being able to assume a role.
Brushing up on my IAM knowledge and I appreciate the way you presented, easy and digestible to follow along! Thank you so much :D you are severely underrated
Hi Ronald! It's a good question! Generally, roles are used when someone (or something) only needs temporary credentials to do something. If a user needs to take some action every day, it would be better to just give them those permissions (preferably by assigning the permissions to whatever group(s) they're in). It's actually more common to use roles with other AWS services (instead of IAM users), such as giving temporary permissions to an EC2 instance. There are a few other use cases explained lower on this page, if it helps: docs.aws.amazon.com/IAM/latest/UserGuide/id.html.
Can we achieve the SAME ie allow this user the admin permission, by specifying his user arn in the trust policy of the role and just allowing sts:AssumeRole action in IAM policy attached to the user? Would that be right? Thank you in advance for answering 😊 😊😊
Hi Praveen! 😊 Sorry for the delayed response. Yes, that should achieve the same thing. Here's an example that's sort of similar to what you're saying: docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html
method 1: Not using roles. And Controlling access by attaching policies to directly to user groups. method 2: Controlling access by creating roles(with relevant policies attached). And these roles will be assumed by users. Which is best in real time projects ?
Hi Shyam! Generally speaking, it's better to use roles so that credentials are only temporary. This is actually considered a best practice by AWS. Here's a full list of other security best practices: docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html.
What else do you want to learn in AWS? Let me know below in the comments!
I am trying to create a table from data loaded on s3. I am using glue. I already created IAM user. Then I created role with AmazonS3FullAccess and AWSGlueServiceRole. I also added policy to user according to your tutorial suing JSON {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::myaccountid:role/de-on-youtube-role-glue-s3"
}
} And Still when I try to create crawler I am not able it says Account (than my account Id) is denied access. Can you please advice? I am in base (trial version) trying to learn basics, so I do not have AWS support. Thank you!
Very good point showcasing that an IAM user has to have specific permissions just to assume a role. Not everybody explains this which is mandatory to being able to assume a role.
Yes! :) Thanks for watching!
Brushing up on my IAM knowledge and I appreciate the way you presented, easy and digestible to follow along! Thank you so much :D you are severely underrated
Awwww, shucks! Thank you SO much! This made my day! 😊
Easily explained, no nonsense. Saved time.❤❤
No nonsense...that's my motto! 🥰🙌 Thanks for watching!
This is a perfect snippet I needed to visually explain to a colleague this concept. Thank you!
You're so welcome! I'm glad it helped. Thanks for watching! 😊
Many thanks for the video, at last, I learned this concept.
Yay! I'm so glad. Thanks for watching! 😊
you are the best
No, YOU are!! 😄😂
Could you provide any use cases where you should use switch role rather than just adding permission directly to the IAM user?
Hi Ronald! It's a good question! Generally, roles are used when someone (or something) only needs temporary credentials to do something. If a user needs to take some action every day, it would be better to just give them those permissions (preferably by assigning the permissions to whatever group(s) they're in). It's actually more common to use roles with other AWS services (instead of IAM users), such as giving temporary permissions to an EC2 instance. There are a few other use cases explained lower on this page, if it helps: docs.aws.amazon.com/IAM/latest/UserGuide/id.html.
Can we achieve the SAME ie allow this user the admin permission, by specifying his user arn in the trust policy of the role and just allowing sts:AssumeRole action in IAM policy attached to the user? Would that be right? Thank you in advance for answering 😊 😊😊
Hi Praveen! 😊 Sorry for the delayed response. Yes, that should achieve the same thing. Here's an example that's sort of similar to what you're saying: docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html
@@TinyTechnicalTutorials thank you 🙏
method 1:
Not using roles.
And Controlling access by attaching policies to directly to user groups.
method 2:
Controlling access by creating roles(with relevant policies attached).
And these roles will be assumed by users.
Which is best in real time projects ?
Hi Shyam! Generally speaking, it's better to use roles so that credentials are only temporary. This is actually considered a best practice by AWS. Here's a full list of other security best practices: docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html.
thank you easly understandable
I'm so glad! Thanks for watching! 😊
Is it okey to show AccountId and Account alias?
I'm just curious :)
Generally not a good idea. 😉
Hi I have done the same but if i click switch roles in IAM user Its refreshing nothing is happening
someone facing this issue please activate IAM User and Role Access to Billing Information so that it will work.Thanks!
Thanks for the update, Saru! Hopefully this helps someone else! 🙏
искал медь (copper), а нашеле золото (gold)
LOL!! Thanks so much! 😊🌟🙏