Amazon AWS Security: Difference between revisions

From NovaOrdis Knowledge Base
Line 29: Line 29:
There are two types of access keys:
There are two types of access keys:


# '''Access key ID''' (example AKIAIOSFODNN7EXAMPLE) 2)  
# '''Access key ID''' (example <tt>AKIAIOSFODNN7EXAMPLE)</tt>)
# '''Secret access key''' (example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)
# '''Secret access key''' (example: <tt>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</tt>)


When creating an access key, IAM returns the access key id and the secret access key. The secret access key is only accessible at the time it was created. If the secret access key is lost, the corresponding access key must be deleted and recreated.  
When creating an access key, IAM returns the access key id and the secret access key. The secret access key is only accessible at the time it was created. If the secret access key is lost, the corresponding access key must be deleted and recreated.  
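Review bot: the new Access key ID line closes the parenthesis twice, once inside the tt element and once after it ("<tt>AKIAIOSFODNN7EXAMPLE)</tt>)"), so the rendered example key ends in a stray ")" that a reader may copy as part of the ID. Close the tt element before the parenthesis and keep a single ")"; writing "example:" with a colon would also match the Secret access key line below it.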
Line 36: Line 36:
<font color=red>Relationship between Access Key ID and Secret Key?</font>
<font color=red>Relationship between Access Key ID and Secret Key?</font>


Can be managed here: [https://console.aws.amazon.com/iam/home?#security_credential] by navigating to Users -> username -> Security Credentials -> Access Credentials.
The access keys can be managed here: https://console.aws.amazon.com/iam/home?#security_credential by navigating to Users -> username -> Security Credentials -> Access Credentials.


More about access keys for IAM users: [http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html]
More about access keys for IAM users: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html


For details on how access keys can be set in the local environment, see
For details on how access keys can be set in the local environment, see [[Amazon EC2 CLI#SetTheAccessKeys]].
 
|[Amazon EC2 CLI#SetTheAccessKeys]
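Review bot: the "More about access keys for IAM users" line is being edited but its link stays on plain http://docs.aws.amazon.com/...; switch it to https:// so it matches the console link two lines above. The red "Relationship between Access Key ID and Secret Key?" question also passes through this hunk unchanged and unanswered, so either answer it here or mark it as a TODO.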

Revision as of 17:40, 11 February 2016




In process of being migrated from https://home.feodorov.com:9443/wiki/Wiki.jsp?page=AmazonSecurity


Internal

IAM User

An IAM user is a person, system, or application that can use AWS products. Each IAM user has individual security credentials, and all users are controlled by and billed to a single AWS account. With IAM, each user is allowed to do only what they need to do as part of the user's job.

TODO, continue with IAM concepts http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Concepts.html

AWS root Account (ovidiu@novaordis.com)
     |
     +---- IAM Users
                |
                +-- ofeodorov

API Access Keys

Each IAM user has a set of API access keys. These keys are needed when the user attempts to make programmatic calls to AWS or EC2, using Amazon EC2 CLI tools for example. The user can create, modify, view and rotate these access keys.

There are two types of access keys:

  1. Access key ID (example: AKIAIOSFODNN7EXAMPLE)
  2. Secret access key (example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)

When creating an access key, IAM returns the access key ID and the secret access key. The secret access key is only accessible at the time the key is created. If the secret access key is lost, the corresponding access key must be deleted and recreated.

Relationship between Access Key ID and Secret Key?

The access keys can be managed here: https://console.aws.amazon.com/iam/home?#security_credential by navigating to Users -> username -> Security Credentials -> Access Credentials.

More about access keys for IAM users: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html

For details on how access keys can be set in the local environment, see Amazon EC2 CLI#SetTheAccessKeys.