Brilliant use of 'e' to tee up expectations for the session. I've been cutting and trying IAM and stopped here to get a deeper understanding and you delivered much appreciated insight.
This is the first time I've tried to understand what happens when an API call is made to a resource. How granular control we have over who gets what. Presentation was good and it gave a deep insight to where we need to strict the policies and where to not. Kudos Sister.
I an such a fan of presentations u get all excited just helping others understand when I tell someone about aws I get all enthusiastic teaching new players how we game lol be nice to work with you personally knowing how much anyone could take and run with and if there passionate like us possible outcomes are truly limiless
Extremely smart talk! Interesting about the Control and Data Planes. Seldom discussed in AWS especially as pertaining to IAM. Great discussion S3 permissions, which I was recently asked during an interview. Thanks Becky!
lol yup differential of exp(x) is itself -- maybe IAM is just as natural, a feature of nature - natural access management :D Like the explanation of the vision behind IAM, the resilience, availability and caching behind it.
I did not understand how the SCP at ruclips.net/video/YMj33ToS8cI/видео.html has a Condition with String not equal to the resourceorg id. We not want anyone to put any object to our org so shouldnt that be stringequal instead of not equal ?
Hi @gauravrai1205, Original Answer If you see the action = deny, so if the orgid does not match "o-a1b2c3", then deny. Which mean only allow "o-a1b2c3". I would like someone to correct me if I am wrong, would highly appreciate it. Thanks! Edited: I realised 2 hrs later :) , implicit deny will not allow, hence Gaurav's question remains unanswered.
The Effect is DENY. If the resource id is not equal the organization's resource id, deny the request. Also, the video url at that time is ruclips.net/video/YMj33ToS8cI/видео.html
![AWS re:Invent 2018: [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1)](/img/1.gif)
Best description I've seen of IAM. Lens of control plane - data plane is key!
Brilliant use of 'e' to tee up expectations for the session. I've been cutting and trying IAM and stopped here to get a deeper understanding and you delivered much appreciated insight.
This is the first time I've tried to understand what happens when an API call is made to a resource. How granular control we have over who gets what. Presentation was good and it gave a deep insight to where we need to strict the policies and where to not. Kudos Sister.
I an such a fan of presentations u get all excited just helping others understand when I tell someone about aws I get all enthusiastic teaching new players how we game lol be nice to work with you personally knowing how much anyone could take and run with and if there passionate like us possible outcomes are truly limiless
Extremely smart talk! Interesting about the Control and Data Planes. Seldom discussed in AWS especially as pertaining to IAM. Great discussion S3 permissions, which I was recently asked during an interview. Thanks Becky!
Becky is the greatest!
lol yup differential of exp(x) is itself -- maybe IAM is just as natural, a feature of nature - natural access management :D Like the explanation of the vision behind IAM, the resilience, availability and caching behind it.
Good talk, thanks!!!
got it. AWS is like Italian red tape.
Good stuff, but the guy helping people find a seat was super distracting.
Exactly !! it was annoying, I can imagine it was distracting to her as well.
They should hire much shorter people for that job.
need to do everything before class starts .. but difficult to control the mind
I did not understand how the SCP at ruclips.net/video/YMj33ToS8cI/видео.html has a Condition with String not equal to the resourceorg id. We not want anyone to put any object to our org so shouldnt that be stringequal instead of not equal ?
Hi @gauravrai1205,
Original Answer
If you see the action = deny, so if the orgid does not match "o-a1b2c3", then deny.
Which mean only allow "o-a1b2c3".
I would like someone to correct me if I am wrong, would highly appreciate it. Thanks!
Edited:
I realised 2 hrs later :) , implicit deny will not allow, hence Gaurav's question remains unanswered.
I think boundry policies are meant to filter out. This does not mean you allow.
The Effect is DENY. If the resource id is not equal the organization's resource id, deny the request. Also, the video url at that time is ruclips.net/video/YMj33ToS8cI/видео.html
I also didnt know that e thing
wish the chubby guy would just sit down and stop blocking the camera
I am directly going to skip till 3:02
I almost left after all the math talk
IAM should be a fascinating topic but you made it stale by talking about other unrelated things... boring presentation!