The AWS DevOps Master Workshop

IAM Secure on AWS


Learn the Critical Security Workflows and Tools on AWS

Learn Identity and Access Management on AWS, the tools around it, and how to secure modern AWS cloud infrastructures.

WHAT You'll Learn

Best Practices for Account Security

If you're just using your root AWS account, or one all-powerful user, you're playing it risky. Learn how to properly lock down your AWS account and give your account users just enough permissions to do what they need to do.

AWS Command Line Interface Version 2.0

The console is an incredible interface, but learning how to use the newest version of the AWS CLI will supercharge your AWS productivity and understanding. Learn the AWS CLI v2 in the context of working with security.

Deep Security of EC2 Instances

At the heart and soul of every AWS infrastructure is the EC2 Instance - the server. Learn how to give your servers just enough permissions to do what they need to, and make sure they expire and rotate regularly.

The Full IAM Policy Language

In AWS, we use the IAM Policy Language to define the security of EVERY SERVICE and RESOURCE on AWS. Policies are a list of rules that tell us who can do what with our AWS resources. Understanding this is critical to cloud security.

IAM Roles from Basic to Advanced

IAM Users are NOT how you give most things access in AWS. Instead we use IAM Roles to give temporary credentials and permissions to users, other AWS accounts, and services. We explore this topic completely - from basic tasks to advanced workflows.

Multi-User Management

Handling full teams can become a flurry of confusion and insecurity. Learn best practices and tools for user management including Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).

Security Scripting with Python and Boto3

A good DevOps and Cloud practitioner has scripting on their tool belt for complex tasks. Learn how to create a security command-line interface utility with Python 3 and the official AWS Python SDK - Boto3.

Securing S3 Buckets, End-to-End

S3 buckets, policies, ACLs, and all of its security settings can be a delicate maze prone to breaches. We do an extensive deep dive into S3 security so that, by the end, you know practically everything about it.

Cross Account Access and Control

Although doing everything in one account is a good starting point, larger organizations use multiple accounts. Learn how to safely delegate access to other AWS Accounts and users without compromising your own.

AWS Access Management for Large Organizations

Larger organizations tend to use multiple AWS accounts. Learn how to manage multiple accounts under one "master" account that can monitor everything, scope permissions for child accounts, and consolidate billing.

Security Auditing and Analysis Tooling

How do you keep track of everything going on in your AWS Account(s)? Learn how to see access and activity across all users and accounts using tools like the IAM Access Analyzer, Access Advisor, CloudTrail, Organization Activity, and more.

HOW You'll Learn

Fully Featured Videos

All of the topics are taught across 70+, fully featured videos (and counting). Instead of reading through documentation, we'll learn everything by exploring concepts and doing technical projects.

Learn AWS IAM through 70+ fully featured videos

Nothing is skipped in the videos. You'll see every step required and line of code typed in the process of setting up security on AWS.

Detailed Text Steps and Code Samples

Under each video that involves project building, you'll find detailed text steps. If you get lost, you can easily figure out what's going on by reading through the steps. It's also the perfect reference for future projects.

Use our detailed text steps and code samples as a future reference

All steps, code snippets, files, and documentation links are available below every video. This means you won't have to waste time backtracking to find references and information.

Understand the How-To's AND the Why's

Every section and topic is split into two parts - the "How-To's" and the "Why's". In the how-to's, we build out projects and experiments to learn the day-to-day workflows. In the why's, we talk about the concepts, ideas, and WHY we've done the things we have.

By covering both of these sides thoroughly, you'll be able to operate independently without having to reference tutorials and step-by-steps.

Course Curriculum

  Section 1: Introduction
  Section 2: Set up, Basics, AWS CLI v2, and Terminology Deep Dive - Introduction
  Section 2: Set up, Basics, AWS CLI v2, and Terminology Deep Dive - How-To's
  Section 2: Set up, Basics, AWS CLI v2, and Terminology Deep Dive - Why's
  Section 3: Roles, Instances, Instance Metadata, and Amazon Resource Names (ARNs) - Introduction
  Section 3: Roles, Instances, Instance Metadata, and Amazon Resource Names (ARNs) - How-To's
  Section 3: Roles, Instances, Instance Metadata, and Amazon Resource Names (ARNs) - Why's
  Section 4: The Policy Language In-Depth - Introduction
  Section 4: The Policy Language In-Depth - How-To's
  Section 4: The Policy Language In-Depth - Why's
  Section 5: Advanced Roles, Temporary Credentials, and Scripting with the AWS SDK - Introduction
  Section 5: Advanced Roles, Temporary Credentials, and Scripting with the AWS SDK - How-To's
  Section 5: Advanced Roles, Temporary Credentials, and Scripting with the AWS SDK - Why's
  Section 6: Resource Policies, S3 Deep Dive, and Cross Account Access - Introduction
  Section 6: Resource Policies, S3 Deep Dive, and Cross Account Access - How-To's
  Section 6: Resource Policies, S3 Deep Dive, and Cross Account Access - Why's
  Section 7: Managing Many Accounts with AWS Organizations, Cross Account Access, and Logging - Intros
  Section 7: Managing Many Accounts with AWS Organizations, Cross Account Access, and Logging - How-To's
  Section 7: Managing Many Accounts with AWS Organizations, Cross Account Access, and Logging - Why's
  Section 8: Simplifying Cross Account Access with Roles - Intros
  Section 8: Simplifying Cross Account Access with Roles - How-To's
  Section 8: Simplifying Cross Account Access with Roles - Why's
  Section 9: Symmetric Encryption with AWS Key Management Service - Intros
  Section 9: Symmetric Encryption with AWS Key Management Service - How-To's
  Section 9: Symmetric Encryption with AWS Key Management Service - Why's
  Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Intros
  Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Project 1
  Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Project 2
  Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Project 3
  Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Why's
  Section 11: Monitoring and Reporting Tools - Introduction
  Section 11: Monitoring and Reporting Tools - How-To's
  Series Conclusion
Pricing
$249

  • Lifetime Access
  • Unlimited Updates
  • Reusable Code Snippets
  • Project Based Learning
  • Text Version of Videos
  • 2020 Ready

Why Learn IAM?

The Statistics of Growing Cloud Security Needs

Gartner projects the worldwide revenue of "Public Cloud" to grow to $331 BILLION by 2022. Gone are the days of laughing at the idea of hosting mission critical data and applications on "another company's computers." Instead, more than a third of organizations see cloud investments as a top three investment priority. And obviously, AWS has taken quite the share of the market for themselves.

But even though this mass movement to the cloud has made a lot of modern development easier... the security aspect is arguably messier. Not only are we playing by the basic security principles but also by the rules these cloud companies create for us to play by. Though we'd all hope that this would make creating secure infrastructures easier, the truth is that companies of all sizes are getting breached left and right. Facebook, Capital One, Toyota, Docker, Equifax, Yahoo, Adobe, T-Mobile. There are so many that it almost seems common to get hacked... except that each breach costs, on average, $3.92 million all the way up to $700 million.

Yes, some of these breaches are the result of extremely clever tactics. However, a wide majority of them, such as the Capital One breach of 2019, are the result of oversight and a lack of understanding about their cloud environment. To use an analogy, it's not that companies don't want their front door locked, or can't, it's that the locks can be so confusing to set up that they either neglect to do so, or do it incorrectly.

But Where Do You Start With Cloud Security?

And so you might be thinking "Okay, but how do I learn to prevent this stuff? How do I keep my company / product from winding up on front-page news due to a cloud data breach??"

Or maybe even something simpler like, "Being able to prevent a multi-million dollar data breach sounds like a valuable skill to have..."

After all, security, especially in the context of the cloud, seems like an overwhelming topic. To some extent it is, but to return to our earlier analogy, who do you think is best positioned to secure the place you live in right now? You. Why? Because you know every nook and cranny of the place you live in, how someone could get in, and what they'd need to do so. You know all of the windows, doors, and entry points.

Well, similarly, securing a cloud infrastructure starts with that same idea - knowing the ins and outs of what you have. Once you know the ins and outs, much like knowing where all of the doors and windows are on your house, all you have to do is lock them up. And how do you do this on AWS? By using their Identity and Access Management (IAM) service. It is THE CORNERSTONE of SECURITY on AWS. It's how you tell AWS, and the resources you create, who can access them and under what conditions. It's why S3 buckets get breached. It's why EC2 servers get inappropriately accessed. And guess what? It doesn't have to be that complex or difficult to learn.

As someone with years of experience working in AWS and teaching / helping 1000s of developers on it - let me save you the 100s of hours that will otherwise go towards peeling through documentation, experimentation, and, worst case scenario, dealing with a security breach. In this course we'll take a hands-on, deep dive into IAM and make sure that you walk away with everything you need to work professionally with it. You'll be able to read, write, and modify any type of security policy for any service in AWS with FULL UNDERSTANDING of what's going on.

We don't just stop at the basics or trudge through documentation. We'll take the time to set up a full project that spans multiple AWS accounts and resources. The end result? A security skill set for AWS and the ability to lock down any infrastructure built upon the most popular cloud provider in the market.

Your Instructor

J Cole Morrison

Cloud Architect, Software Engineer, DevOps Lover, AWS Solutions Architect, Former TechStars HackStar, and Headmaster at Awsdevops.io!

I run a blog full of free tech guides on all things development, devops and cloud computing called Tech Guides and Thoughts.
