Autoplay
Autocomplete
Previous Lesson
Complete and Continue
IAM Secure on AWS
Section 1: Introduction
1 - Introduction (3:53)
2 - What You Need to Know (3:02)
3 - How This Course is Structured (2:57)
4 - Things to Have Set Up (1:38)
Section 2: Set up, Basics, AWS CLI v2, and Terminology Deep Dive - Introduction
1 - Introduction (2:03)
Section 2: Set up, Basics, AWS CLI v2, and Terminology Deep Dive - How-To's
1 - Exploring IAM (10:55)
2 - Creating Our Developer User and Group (10:29)
3 - Setting up the AWS CLI and Profiles (18:25)
4 - Exploring the AWS CLI Credentials and Config (10:09)
Section 2: Set up, Basics, AWS CLI v2, and Terminology Deep Dive - Why's
1 - Accounts (4:07)
2 - Users (3:29)
3 - Groups (3:55)
4 - Policy Basics and Managed Policies (4:20)
5 - Terminology to Know (7:20)
Section 3: Roles, Instances, Instance Metadata, and Amazon Resource Names (ARNs) - Introduction
1 - Introduction (4:51)
Section 3: Roles, Instances, Instance Metadata, and Amazon Resource Names (ARNs) - How-To's
1 - Setting up a Key Pair and EC2 Instance (8:08)
2 - Creating an IAM Role and Policy for Our Instance (17:56)
3 - Exploring Instance Metadata (11:39)
4 - Instance Profiles (23:56)
Section 3: Roles, Instances, Instance Metadata, and Amazon Resource Names (ARNs) - Why's
1 - Roles - Main Concepts (8:17)
2 - Roles - STS and Types of Roles (4:08)
3 - Roles - External Users (2:53)
4 - Amazon Resource Names (11:16)
Section 4: The Policy Language In-Depth - Introduction
1 - Section 4 Introduction (2:20)
Section 4: The Policy Language In-Depth - How-To's
1 - Making a Policy From Scratch (21:17)
2 - Adding Read, Write, and Delete Permissions (13:42)
3 - Using Policy Conditions (10:32)
4 - Advanced Policy Conditions, ABAC, and Tags (26:43)
5 - Policy Wildcards (Part One) (23:41)
6 - Policy Wildcards (Part Two) (19:39)
Section 4: The Policy Language In-Depth - Why's
1 - Policies and How to Think About Them (8:16)
2 - Policy Structure Part One (Version, ID, Statement) (4:28)
3 - Policy Structure Part Two (Sid, Effect, Action, Resource) (14:50)
4 - Policy Structure Part Three (Principals) (7:54)
5 - Policy Structure Part Four (Conditions I) (10:39)
6 - Policy Structure Part Five (Conditions II) (13:33)
7 - Policy Structure Part Six (NotPrincipal, NotAction, NotResource) (5:37)
8 - How to Build Policies (8:19)
9 - RBAC vs ABAC and Tags (7:54)
Section 5: Advanced Roles, Temporary Credentials, and Scripting with the AWS SDK - Introduction
1 - Introduction (2:42)
Section 5: Advanced Roles, Temporary Credentials, and Scripting with the AWS SDK - How-To's
1 - Creating a Dynamic Policy (13:47)
2 - Creating and Using a Role for Users (12:22)
3 - Creating the Permissions Policy for Our Role (14:44)
4 - Using Roles Manually via AWS CLI (10:00)
5 - Using Roles via Config File (14:18)
6 - Scripting Workflows with Python and Boto3 (14:35)
7 - Scripting Our Bucket Admin Workflow (35:39)
8 - Turning Our Script into a CLI Utility (10:11)
9 - Capturing Input for Using a Custom Role (11:35)
10 - Using Custom Roles via STS and Scripting (33:19)
11 - Using a New Role With Our Script (6:01)
12 - Using Session Policies With STS (14:44)
Section 5: Advanced Roles, Temporary Credentials, and Scripting with the AWS SDK - Why's
1 - Roles For Users (6:34)
2 - The STS Assume Role Workflow (8:47)
3 - Session Policies (9:38)
4 - A Scripting Workflow (6:47)
Section 6: Resource Policies, S3 Deep Dive, and Cross Account Access - Introduction
1 - Introduction (2:53)
Section 6: Resource Policies, S3 Deep Dive, and Cross Account Access - How-To's
1 - Resource Policies and Shared S3 Folders (27:46)
2 - Resource Policies and Public S3 Folders (14:18)
3 - Exploring Bucket ACLs vs. Bucket Policies (23:09)
4 - Second Account Set UP and Cross Account Access (7:35)
5 - Cross Account Access Part One (18:13)
6 - Cross Account Access Part Two (15:19)
Section 6: Resource Policies, S3 Deep Dive, and Cross Account Access - Why's
1 - Resource vs. Identity Policies (6:14)
2 - Policy Evaluation - Identity and Resource Policies (1:44)
3 - Resource Policy Principals (2:40)
4 - Resource Policies vs. S3 ACLs (6:29)
5 - Cross Account Access with Resource Policies (1:39)
6 - Ownership of S3 Objects (4:00)
7 - S3 Block Public Access (5:24)
Section 7: Managing Many Accounts with AWS Organizations, Cross Account Access, and Logging - Intros
1 - Introduction (6:24)
2 - What We're Building (1:58)
Section 7: Managing Many Accounts with AWS Organizations, Cross Account Access, and Logging - How-To's
1 - AWS Organization Setup (17:19)
2 - Accessing Member Accounts as the Master (14:13)
3 - Organizational Units and Service Control Policies Part 1 (15:52)
4 - Organizational Units and Service Control Policies Part 2 (10:45)
5 - Tag Policies (19:33)
6 - Vendor Bucket Setup (7:47)
7 - Server Side Encryption for S3 (19:21)
8 - Consumer Account Setup and Using Server Side Encryption (12:15)
9 - Setting Up Logging with CloudTrail (23:00)
10 - Producer Account Setup (8:53)
11 - Consolidated Billing (4:09)
Section 7: Managing Many Accounts with AWS Organizations, Cross Account Access, and Logging - Why's
1 - AWS Organizations Terminology (7:15)
2 - Service Control Policies (12:16)
3 - Permissions Boundary Policies (6:29)
4 - Policy Evaluation (11:50)
5 - CloudTrail Overview (6:44)
6 - Server Side Encryption (5:01)
Section 8: Simplifying Cross Account Access with Roles - Intros
1 - Introduction (1:51)
2 - The Cross Account Communication Problem (4:44)
Section 8: Simplifying Cross Account Access with Roles - How-To's
1 - Exploring the Cross Account Communication Problem (19:51)
2 - Creating the Bucket Messenger Roles (9:35)
3 - Setting Up the Bucket Messenger Role (8:31)
4 - Using the Bucket Messenger Roles (10:56)
Section 8: Simplifying Cross Account Access with Roles - Why's
1 - Coming up with AWS Solutions (11:28)
Section 9: Symmetric Encryption with AWS Key Management Service - Intros
1 - Introduction (2:33)
2 - What We're Building (1:43)
Section 9: Symmetric Encryption with AWS Key Management Service - How-To's
1 - Making the Symmetric Key (20:46)
2 - Encrypting Messages (11:29)
3 - Decrypting Messages (11:32)
4 - The Full KMS Encryption and Decryption Flow (12:21)
5 - Preparing for Envelope Encryption (9:41)
6 - Envelope Encryption (23:26)
Section 9: Symmetric Encryption with AWS Key Management Service - Why's
1 - What is Cryptography? (15:20)
2 - Symmetric Encryption (5:06)
3 - Symmetric Algorithms (5:16)
4 - More on AES (16:38)
5 - AES Variations (16:03)
6 - AWS KMS (6:51)
7 - Envelope Encryption (5:05)
Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Intros
1 - Section 10 Introduction (15:29)
2 - What We're Building (7:11)
Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Project 1
1 - Project 1 Introduction (7:30)
2 - Creating the Asymmetric Key Pair (17:39)
3 - Signing Messages (12:14)
4 - Verifying Messages (5:41)
Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Project 2
1 - Project 2 Introduction (4:06)
2 - Public Key and Permissions (12:54)
3 - Signing the Message (6:25)
4 - Verifying the Message (9:42)
Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Project 3
1 - Project 3 Introduction (6:55)
2 - The Flow of Project 3 (9:09)
3 - The Producer Signing Key (2:41)
4.- The Producer Encryption Key (10:19)
5 - The Consumer Signing Key (6:08)
6 - The Consumer Encryption Key (8:46)
7 - Creating the Symmetric Key (20:04)
8 - Encrypting the Message (5:55)
9 - Encrypting the Symmetric Key (16:16)
10 - Signing the Key and Message (9:27)
11 - Downloading the Encrypted Items and Keys (3:27)
12 - Verifying and Decrypting the Key and Message (13:48)
13 - Messaging the Producer (11:55)
Section 10: Asymmetric Encryption with AWS KMS and Public Key Cryptography Deep Dive - Why's
1 - Asymmetric Encryption Concepts (16:00)
2 - Public Key Cryptography Concepts (11:06)
3 - Hash Functions and Digests (10:22)
4 - Digital Signatures (14:57)
5 - Keys (13:42)
6 - Key Generation (3:01)
7 - Key Exchange (9:33)
8 - Diffie-Hellman Key Exchange (12:46)
9 - Modern Key Exchange (14:53)
10 - RSA Mathematics by Hand (27:16)
11 - RSA Math by Standards (23:28)
12 - Transition from RSA (5:42)
13 - Elliptic Curve Cryptograrphy Pt 1 (21:03)
14 - Elliptic Curve Cryptography Pt 2 (18:04)
15 - Hybrid Encryption (12:18)
16 - File Formats for Keys (9:58)
17 - The Quantum Threat to Encryption (5:03)
Section 11: Monitoring and Reporting Tools - Introduction
1 - Section 11 Introduction (1:37)
Section 11: Monitoring and Reporting Tools - How-To's
1 - IAM Access Advisor (14:35)
2 - CloudTrail In-Depth (18:50)
3 - IAM Access Analyzer (14:49)
4 - Organization Activity (8:11)
5 - Credential Report (2:05)
6 - Resource Groups and Tagged Resources (16:34)
Series Conclusion
The End (2:50)
6 - Key Generation
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock