Name: Using IAM Instance Roles for AWS Resource Access
Uploaded: 2020-10-26T16:12:37Z
Duration: 40
Description: Ensuring that you have restricted access to your AWS resources based on instance policies will allow you to ensure that proper segmentation is in place within your environment.

Using IAM Instance Roles for AWS Resource Access

Restrict Access to Resources with Instance Roles

Understanding instance roles is key to understanding AWS IAM architecture. Recommendation 1.19 of the CIS AWS Foundations Benchmark states that by ensuring IAM instance roles are used for AWS resource access, you reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. Ensuring that you have restricted access to your AWS resources based on instance policies will allow you to ensure that proper segmentation is in place within your environment.

For more information, visit the AWS documentation on using IAM roles for EC2 instances.

Transcription

Identity and Access Management within AWS is probably one of the most complex architectural understandings when it comes to AWS implementation. One critical concept within the AWS IAM architecture is that of instance roles. Ensuring that your EC2 instances have proper access to their AWS resources is a critical understanding that has to be implemented within your environment. Ensuring that you have restricted access to your resources based on instance policies will allow you to ensure that proper segmentation is in place within your environment.

Using IAM Instance Roles for AWS Resource Access

Related Videos

AWS Controls for Implementing a DMZ

AWS Functions to Restrict Database Access

AWS Password Best Practices

AWS Password Expiration Policies

AWS Password Reuse Policy

AWS Tools for Your SDLC

Access Control Using IAM Instance Roles

Assign Access Based on Business Need to Know

Attaching IAM Policies to Groups or Roles

Avoid Use of the Root Account

Basics of Role Assumption

Best Practices for Change Management in AWS

Best Practices for Password Parameters

Cloud Attacks on the Rise

Configuring Network Border Controls

Creating a Data Flow Diagram

Creating a Network Diagram

Define Acceptable Use of Technology Part 1

Defining Resources in IAM Policies

Defining Resources in S3 Bucket Policies

Defining Roles and Responsibilities in AWS

Developing a Process for User Authentication

Disabling Insecure Ports and Protocols

Disabling Unused Credentials

Do All Keys Have Resources Attached?

Documenting a Systems Inventory in AWS

Enabling MFA for All IAM Users

Encrypting Traffic In and Out of AWS

Encryption Decisions for Your Technology Stack

Encryption Opportunities

Encryption for EBS Volumes

Encryption for S3 Buckets

Enforce Separation with Access Controls

Enforcing Strong Encryption in AWS

Enforcing Strong TLS Ciphers

Events that Drive Key Rotation

House Accounts in CloudTrail

How to Attach IAM Policies to Groups or Roles

How to Check MFA in a Credential Report

How to Check Use of the Root Account

How to Configure Encryption for EBS Volumes on Existing EC2 Instances

How to Configure Encryption for EBS Volumes on New EC2 Instances

How to Configure Encryption for RDS

How to Configure Encryption for S3 Buckets

How to Find Administrative Privileges in IAM Policies

How to House Multiple Accounts Within an AWS Organization

How to Modify Password Complexity in a Password Policy

How to Modify Permissions to EBS Snapshots

How to Prevent Password Reuse in a Password Policy

How to Restrict Public Access to S3 Buckets

How to Use S3 Bucket Policies

IAM Policies for Account Authentication

IAM Policies that Address Administrative Privileges

Identifying Unused Credentials in a Credential Report

Industry Best Practices for Configuration Standards

Introduction to AWS Network Firewall

Introduction to Amazon EKS

Introduction to Amazon S3 Access Points

Introduction to IAM Access Analyzer

Key Rotation and Management

Load Balancers Must Require TLS 1.2

MFA for API Calls

Meeting Firewall and Router Configuration Standards

Network Segmentation for AWS

Performing Code Review Prior to Release

Physical Security Responsibilities for AWS

Physical Security Responsibilities for AWS Users

Physical Security Threats for AWS

Prevent Shared, Group, or Generic Accounts in AWS

Preventing Public Accessibility on DB Instances

Preventing Publicly Available CloudTrail Logs

Preventing Publicly Available S3 Buckets

Protecting Web Applications in AWS

Publish and Maintain an Information Security Policy

Quarterly Reviews of Your Security Program

Restricting Access to EBS Snapshots

Reviewing Firewall and Router Configurations

Rotating Access Keys