soma das


Custom IAM role & Policy | AWS IAM Tutorial | AWS identity and access management (iam)

So In this video tutorial, I will show you guys iam role and policy , step by step how to create custom iam role and policy , How to manage aws iam services

#aws training, #aws tutorial, #multi factor authentication, #components of iam , #aws iam, #aws certification,

What is GEEK

Buddha Community

Custom IAM role & Policy | AWS IAM Tutorial | AWS identity and access management (iam)

soma das


Custom IAM role & Policy | AWS IAM Tutorial | AWS identity and access management (iam)

So In this video tutorial, I will show you guys iam role and policy , step by step how to create custom iam role and policy , How to manage aws iam services

#aws training, #aws tutorial, #multi factor authentication, #components of iam , #aws iam, #aws certification,

Fredy  Larson

Fredy Larson


Identity Federation in AWS with Okta

Identity and access management is one of the key components of good cloud security, which is why Amazon Web Services’ seamless integration of its IAM tool with the rest of the Amazon ecosystem becomes one of its strong suits. Developers and administrators can manage user roles and access on a granular level across the entire ecosystem without jumping through hoops, and that is a big plus.

Okta is a service that understands that very well. As an identity solution, Okta doesn’t just unify identity management for all your team members and customers; it also allows for easy integration with IAM. Okta also comes with a handful of features that make managing identities a breeze. Identity federation in AWS with Okta is a fantastic way to unified identity management.

A Closer Look

Okta’s integration with AWS IAM is based on single sign-on with SAML, which makes the whole process easy to navigate and manage. Basically, you have the ability to download roles from IAM and then assign them to users already on Okta. This gives administrators the flexibility they need without adding complexity to user management.

It doesn’t stop there either. Okta allows multiple roles to be assigned to a single user. On top of that, users can be assigned roles for a certain period of time, after which the role is lifted, and the user is denied access to the allocated AWS services and features.

There is no limit to the number of roles and users to connect with each other. In fact, Okta users can also benefit from connection to multiple AWS accounts, so roles from different cloud accounts can be managed by the same team members without requiring manual user generation on AWS IAM directly. As long as roles are configured, the rest is easy.

There is one added benefit to enjoy from integrating Okta with AWS IAM, and that is the flexibility that users can have upon logging in. When users log in to AWS, they will be presented with all the roles that are assigned to their user ID, giving them the option to log in as any roles as they see fit and allowing them to get the permissions they need at the right time.

#aws #okta #iam #identity access management #iam software #federation #iam policy #federated identity #okta community

Rory  West

Rory West


AWS Access Keys v/s IAM Roles

AWS Access Key lets you access various AWS services using the command line on your DEV machine. But it comes with a lot of risks. Let’s look at what harm it can cause and what are the alternatives like IAM Roles.

How I got hacked

I was a power user of AWS access keys. I use to love the command-line interface of AWS Client. All the EC2 instances, I was running had the keys. Keys were in the code of a few of the services we were running.

I had to travel and I used various public WiFi access points. Not sure how the hackers got my keys from my machine, but they got it. While I was away from work, they created large EC2 instances in our account and started running their code. They were smart, they used to run the instances in the regions we were not using.

When we came to know, we decided to move away from the access keys and start using IAM Roles. It took us quite some time to create IAM roles, provision our code, and change the deployment scripts. We kept twerking these roles for the coming 2–3 weeks.

#aws-iam-role #cloud #aws-lambda #aws-access-keys #aws

Jack Forbes

Jack Forbes


What Is Customer Identity and Access Management?

Customer Identity and Access Management provides the convenience of a centralized customer database that connects all other apps and services for a safe and seamless customer experience.
CIAM streamlines every business operation that involves dealing with individual consumers, including those who haven’t yet registered on your site.

Importance of CIAM

For Customers: Today, every business aspires to be a technology firm. Customer needs are shifting as a result of the expansion of channels, devices, platforms, and touchpoints. And having a secure experience with such interactions is crucial.

For Businesses: Traditionally, customer identity and access management has been a consumer use case (B2C). However, a firm might be a client of an organisation (B2B). As consumers demand more from the organisations with whom they do business, the new method of doing business encompasses a wide range of markets and use cases.

A CIAM solution includes various enterprise-level capabilities that can help increase security, improve customer data collection, and deliver crucial data to marketing and sales teams.

Benefits of Customer Identity and Access Management**

  1. Data and Accounts Security
    A standard CIAM system includes security features that protect data as well as account access. Risk-based authentication, for example, monitors each customer’s usage and login trends, making it easier to notice anomalous (and thus potentially fraudulent) activities.

  2. Each customer has a unified view
    You can acquire a complete picture of each consumer by linking the data from all of your services and websites. You can reach out to your consumers more easily and provide better service if you have a better understanding of them.

  3. Advanced Login Options
    These login methods help customers have a better experience, get more trust, or do both.

(i) Passwordless Login makes the login process easier and more secure by eliminating the need for a password. It also assists you in presenting your business as a modern, secure corporation that employs cutting-edge technology to protect your clients.

(ii) Customers can also log in using a generated link sent to their email address or a one-time password texted to their phone using One-Touch Login. Unlike Passwordless Login, however, the consumer does not need to be a current user in the system, and no credentials are required.

(iii) Smart Login allows users to log in quickly and securely to the internet of things (IoT) and smart gadgets, which are becoming an increasingly important aspect of today’s digital ecosystem. Smart login delegated the authentication process for smart TVs, gaming consoles, and other IoT devices to other devices that make inputting and managing passwords easier and more safe.

Final Thoughts:
Many companies use a customer identity management system to provide their customers with a modern digital experience. Customer account information, including data, consent, and activity, can all be accessed from one dashboard with a CIAM system like LoginRadius.

#customer #identity #access #management #benefits #importance

Christa  Stehr

Christa Stehr


How To Unite AWS KMS with Serverless Application Model (SAM)

The Basics

AWS KMS is a Key Management Service that let you create Cryptographic keys that you can use to encrypt and decrypt data and also other keys. You can read more about it here.

Important points about Keys

Please note that the customer master keys(CMK) generated can only be used to encrypt small amount of data like passwords, RSA key. You can use AWS KMS CMKs to generate, encrypt, and decrypt data keys. However, AWS KMS does not store, manage, or track your data keys, or perform cryptographic operations with data keys.

You must use and manage data keys outside of AWS KMS. KMS API uses AWS KMS CMK in the encryption operations and they cannot accept more than 4 KB (4096 bytes) of data. To encrypt application data, use the server-side encryption features of an AWS service, or a client-side encryption library, such as the AWS Encryption SDK or the Amazon S3 encryption client.


We want to create signup and login forms for a website.

Passwords should be encrypted and stored in DynamoDB database.

What do we need?

  1. KMS key to encrypt and decrypt data
  2. DynamoDB table to store password.
  3. Lambda functions & APIs to process Login and Sign up forms.
  4. Sign up/ Login forms in HTML.

Lets Implement it as Serverless Application Model (SAM)!

Lets first create the Key that we will use to encrypt and decrypt password.

    Type: AWS::KMS::Key
      Description: CMK for encrypting and decrypting
        Version: '2012-10-17'
        Id: key-default-1
        - Sid: Enable IAM User Permissions
          Effect: Allow
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
          Action: kms:*
          Resource: '*'
        - Sid: Allow administration of the key
          Effect: Allow
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyAdmin}
          - kms:Create*
          - kms:Describe*
          - kms:Enable*
          - kms:List*
          - kms:Put*
          - kms:Update*
          - kms:Revoke*
          - kms:Disable*
          - kms:Get*
          - kms:Delete*
          - kms:ScheduleKeyDeletion
          - kms:CancelKeyDeletion
          Resource: '*'
        - Sid: Allow use of the key
          Effect: Allow
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyUser}
          - kms:DescribeKey
          - kms:Encrypt
          - kms:Decrypt
          - kms:ReEncrypt*
          - kms:GenerateDataKey
          - kms:GenerateDataKeyWithoutPlaintext
          Resource: '*'

The important thing in above snippet is the KeyPolicy. KMS requires a Key Administrator and Key User. As a best practice your Key Administrator and Key User should be 2 separate user in your Organisation. We are allowing all permissions to the root users.

So if your key Administrator leaves the organisation, the root user will be able to delete this key. As you can see **KeyAdmin **can manage the key but not use it and KeyUser can only use the key. ${KeyAdmin} and **${KeyUser} **are parameters in the SAM template.

You would be asked to provide values for these parameters during SAM Deploy.

#aws #serverless #aws-sam #aws-key-management-service #aws-certification #aws-api-gateway #tutorial-for-beginners #aws-blogs