AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC303)
- Published: 7 Feb 2025
- Are you interested in learning how to control access to your AWS resources? Have you ever wondered how to best scope down permissions to achieve least privilege permissions access control? If your answer to these questions is "yes," this session is for you. We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type.
This is why this guy is a Ninja and this presentation delivers the goods:
[1:56] "In my nearly 5 years at Amazon, I carve out a little time each day, each week to look through the forums, customer tickets to try to find out where people are having trouble. I try to solve those same problems myself"
Loving this guy's humour.
If you want to decode the quoted string output near the end, jq is your friend. Run it through once with a selector to get the raw string, and then a second time to pretty-print it.
This is the OG Ninja indeed.
In the "Limited Admin" sample, the admin has access to the iam:ChangePassword action for all resources. What prevents him from changing the "true" administrator's password and gaining full admin rights to the account?
Very helpful indeed
How does one create an IAM policy to enforce tags whenever any new resources are created in AWS?
It can be automated using an IAM policy, right?
Could you explain the roles and responsibilities of an AWS Administrator?
Very good one!
20 minutes after reading the documentation, I think I finally understood why these IAM policies do not work: the ec2:RunInstances API action is called when you are launching an instance; it creates multiple resources like "Key pair" and "Network interface" which don't have the ec2:InstanceType condition key, so the launch failed. docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-iam-actions-resources.html docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html
How do I download the presentation? Can anyone provide the link?
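The failure described in the comment above, as an added example that is not part of the original comments or the talk: a simplified Python model of how an Allow statement with a `StringEquals` condition is matched against each resource in one `ec2:RunInstances` call. The policy shapes, ARNs, account id and function names are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

ACCT = "111122223333"  # placeholder account id; all ARNs below are constructed
P = f"arn:aws:ec2:us-east-1:{ACCT}:"
# Resources one ec2:RunInstances call is authorized against, each with the
# condition keys present for it. Only the instance carries ec2:InstanceType.
REQUEST = [
    (P + "instance/new", {"ec2:InstanceType": "t2.micro"}),
    ("arn:aws:ec2:us-east-1::image/ami-example", {}),
    (P + "key-pair/demo", {}),
    (P + "network-interface/eni-example", {}),
    (P + "security-group/sg-example", {}),
    (P + "subnet/subnet-example", {}),
    (P + "volume/vol-example", {}),
]
COND = {"StringEquals": {"ec2:InstanceType": "t2.micro"}}
# Assumed shape of the failing policy: the condition covers every resource.
BROKEN = [{"Effect": "Allow", "Action": "ec2:RunInstances",
           "Resource": "*", "Condition": COND}]
# Condition scoped to the instance; the other resources get their own statement.
FIXED = [
    {"Effect": "Allow", "Action": "ec2:RunInstances",
     "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": COND},
    {"Effect": "Allow", "Action": "ec2:RunInstances",
     "Resource": ["arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:key-pair/*",
                  "arn:aws:ec2:*:*:network-interface/*",
                  "arn:aws:ec2:*:*:security-group/*",
                  "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:volume/*"]},
]

def statement_allows(stmt, arn, context):
    """Simplified model: Allow statements, Resource globs, StringEquals only."""
    patterns = stmt["Resource"]
    if isinstance(patterns, str):
        patterns = [patterns]
    if not any(fnmatchcase(arn, p) for p in patterns):
        return False
    for key, wanted in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if context.get(key) != wanted:  # a key absent from the context never matches
            return False
    return True

def denied_resources(policy, request):
    """ARNs no statement allows; any entry means the whole launch is refused."""
    return [arn for arn, ctx in request
            if not any(statement_allows(s, arn, ctx) for s in policy)]

if __name__ == "__main__":
    print("broken:", denied_resources(BROKEN, REQUEST))
    print("fixed: ", denied_resources(FIXED, REQUEST))
```

With the condition scoped to the instance resource, a launch of a different instance type is still refused, but only because of the instance entry.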
www.slideshare.net/AmazonWebServices/aws-reinvent-2016-become-an-aws-iam-policy-ninja-in-60-minutes-or-less-sac303
Why not just open up incognito windows?
How can I get this powerpoint from video?
www.slideshare.net/AmazonWebServices/aws-reinvent-2016-become-an-aws-iam-policy-ninja-in-60-minutes-or-less-sac303
How to download AWS credentials in CSV format?
Thanks a lot Jeff, best re:Invent video I've watched so far. Very well done, Sir!!!
Great session, but needs a more personable intro. :)
I felt a little rudeness at the start :(
The same
Isn't he joking that there are so few people there?