AWS Security Operations: Difference between revisions

From NovaOrdis Knowledge Base
Line 64: Line 64:
Next: Permissions
Next: Permissions


Role name: playground-themyscira
Comes pre-configured with "AmazonEC2ContainerServiceRole"


Role description: Allows ECS to create and manage AWS resources on your behalf.
Next: Tags
 
Next: Review
 
Role name: playground-themyscira-task-role
 
Role description: The task role for the playground-themyscira task definition.


Trusted entities AWS service: ecs.amazonaws.com
Trusted entities AWS service: ecs.amazonaws.com


For ECS: "AWS service: ecs-tasks"
Policies: AmazonEC2ContainerServiceRole
 
Policies: ?


Permissions boundary: Permissions boundary is not set
Permissions boundary: Permissions boundary is not set
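Review bot: the trust and policy lines for playground-themyscira-task-role need reconciling. "Trusted entities AWS service: ecs.amazonaws.com" appears unchanged on both sides, while the hunk also carries "For ECS: "AWS service: ecs-tasks"" and "Policies: ?". A task role is assumed by ecs-tasks.amazonaws.com, so the summary should state that principal for the task role. "Policies: ?" should be replaced with the policies the task actually needs rather than left open beside AmazonEC2ContainerServiceRole.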

Revision as of 05:08, 6 February 2019




In process of being migrated from https://home.feodorov.com:9443/wiki/Wiki.jsp?page=AmazonSecurity


Internal

Setting AWS Credentials

Setting AWS Credentials

Create a Key Pair

Amazon AWS instance access key pairs are explained here.

External reference for the procedures to create (or import) a key pair: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-key-pair

This procedure describes how to create the em provisioning key pair:

Go to the EC2 console https://us-west-2.console.aws.amazon.com/ec2/v2/home.

Left tab -> Network and Security -> Key Pairs -> Create Key Pair

The key is created and the file containing the private key is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.

Create a Security Group

Create a Security Group http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-base-security-group

List the Security Groups

EC2 Console -> Resources -> Security Groups.

IAM Operations

Create an IAM User

Creating an IAM user:

Creating an IAM User in Your AWS Account

Create an IAM Group

Creating an IAM group:

Creating IAM Groups

Create an IAM Role

Creating an IAM role:

Creating IAM Role

Go to IAM Console: https://us-west-2.console.aws.amazon.com/iam/home#roles -> Create Role

Select type of trusted entity: AWS service

Choose the service that will use this role: Elastic Container Service

Select your use case: Elastic Container Service: Allows ECS to create and manage AWS resources on your behalf.

Next: Permissions

Comes pre-configured with "AmazonEC2ContainerServiceRole"

Next: Tags

Next: Review

Role name: playground-themyscira-task-role

Role description: The task role for the playground-themyscira task definition.

Trusted entities AWS service: ecs.amazonaws.com

Policies: AmazonEC2ContainerServiceRole

Permissions boundary: Permissions boundary is not set
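
A review check for the role summary above, as an added example that is not part of the original wiki page. It reads a role description in the shape returned by `aws iam get-role` and reports the trusted service principals, whether a role named as a task role trusts ecs-tasks.amazonaws.com, and whether a permissions boundary is set. The sample is constructed from the Review step values, and the "-task-role" suffix test is an assumed naming convention.

```python
# Constructed sample in the shape of `aws iam get-role` output, using the
# role name and trusted entity from the Review step above.
SAMPLE_ROLE = {"Role": {
    "RoleName": "playground-themyscira-task-role",
    "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Service": "ecs.amazonaws.com"},
                       "Action": "sts:AssumeRole"}],
    },
}}

# Service principal that ECS tasks use when assuming a task role.
TASK_PRINCIPAL = "ecs-tasks.amazonaws.com"


def as_list(value):
    """IAM JSON allows a single item where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trusted_services(role):
    """Service principals that an Allow statement lets call sts:AssumeRole."""
    found = set()
    doc = role["Role"]["AssumeRolePolicyDocument"]
    for stmt in as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):  # "*" and similar carry no Service key
            found.update(as_list(principal.get("Service")))
    return sorted(found)


def review_role(role):
    """Findings for one role; the "-task-role" suffix is an assumed convention."""
    name = role["Role"]["RoleName"]
    services = trusted_services(role)
    findings = []
    if name.endswith("-task-role") and TASK_PRINCIPAL not in services:
        findings.append(f"{name}: task role trusts {services}, expected {TASK_PRINCIPAL}")
    if "PermissionsBoundary" not in role["Role"]:
        findings.append(f"{name}: no permissions boundary set")
    return findings


if __name__ == "__main__":
    print("\n".join(review_role(SAMPLE_ROLE)))
```

The same functions accept the JSON printed by `aws iam get-role --role-name <name>` once it is loaded with `json.load`.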

Managing IAM Policies

Managing IAM Policies

Create an IAM Policy

IAM Policies.

Creating IAM Policies

Edit an IAM Policy

Editing IAM Policies