AWS Security Operations: Difference between revisions

From NovaOrdis Knowledge Base
Line 55: Line 55:


===Create an ECS Task Role===
===Create an ECS Task Role===
This is the procedure to create an [[Amazon_ECS_Operations#Create_a_Task_Definition|ECS task definition]] task role.


Go to IAM Console: https://us-west-2.console.aws.amazon.com/iam/home#roles -> Create Role  
Go to IAM Console: https://us-west-2.console.aws.amazon.com/iam/home#roles -> Create Role  
{{Warn|Only roles that have the "Amazon EC2 Container Service Task Role" [[Amazon_AWS_Security_Concepts#Trust_Relationship|trust relationship]] are shown here. If you create a new Task Role, make sure it has this trust relationship.}}


Select type of trusted entity: AWS service
Select type of trusted entity: AWS service
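
Review bot: the added {{Warn}} line tells the reader to make sure a new task role has the "Amazon EC2 Container Service Task Role" trust relationship but gives no way to confirm it; the steps in this hunk go straight on to "Select type of trusted entity: AWS service". Suggest adding, after the warning, which trusted entity the finished role should list and a pointer to check it in the role's trust relationship view once the role is created. The added intro sentence's "ECS task definition task role" also reads awkwardly; "the task role used by an ECS task definition" would be clearer.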

Revision as of 05:33, 6 February 2019




In process of being migrated from https://home.feodorov.com:9443/wiki/Wiki.jsp?page=AmazonSecurity


Internal

Setting AWS Credentials

Setting AWS Credentials

Create a Key Pair

Amazon AWS instance access key pairs are explained here.

External reference for the procedures to create (or import) a key pair: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-key-pair

This procedure describes how to create the em provisioning key pair:

Go to the EC2 console https://us-west-2.console.aws.amazon.com/ec2/v2/home.

Left tab -> Network and Security -> Key Pairs -> Create Key Pair

The key is created and the file containing the private key is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.

Create a Security Group

Create a Security Group http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-base-security-group

List the Security Groups

EC2 Console -> Resources -> Security Groups.

IAM Operations

Create an IAM User

Creating an IAM user:

Creating an IAM User in Your AWS Account

Create an IAM Group

Creating an IAM group:

Creating IAM Groups

Create an IAM Role

Creating an IAM role:

Creating IAM Role

Create an ECS Task Role

This is the procedure to create an ECS task definition task role.

Go to IAM Console: https://us-west-2.console.aws.amazon.com/iam/home#roles -> Create Role


Only roles that have the "Amazon EC2 Container Service Task Role" trust relationship are shown here. If you create a new Task Role, make sure it has this trust relationship.


Select type of trusted entity: AWS service

Choose the service that will use this role: Elastic Container Service

Select your use case: Elastic Container Service: Allows ECS to create and manage AWS resources on your behalf.

Next: Permissions

Comes pre-configured with "AmazonEC2ContainerServiceRole"

Next: Tags

Next: Review

Role name: playground-themyscira-task-role

Role description: The task role for the playground-themyscira task definition.

Trusted entities AWS service: ecs.amazonaws.com

Policies: AmazonEC2ContainerServiceRole

Permissions boundary: Permissions boundary is not set
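
One way to verify the trust relationship the warning above asks for, as an added example that is not part of the original wiki page: it inspects a role's trust policy document and reports whether ECS tasks can assume the role and who else can. It assumes the task-role trust relationship corresponds to the `ecs-tasks.amazonaws.com` service principal (AWS's documented value, not stated on this page); the function names and sample documents are constructed for illustration.

```python
import json

# Assumption: ecs-tasks.amazonaws.com is the service principal AWS documents
# for ECS task roles; the page names the trust relationship but not this value.
TASK_PRINCIPAL = "ecs-tasks.amazonaws.com"
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def _as_list(value):
    """IAM accepts either one string or a list for Action and Principal values."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def check_task_role_trust(trust_policy):
    """Return findings for a trust policy (dict or JSON text); [] means that
    only the ECS tasks service is allowed to assume the role."""
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):          # a single statement may be a bare object
        stmts = [stmts]
    findings, trusted = [], False
    for stmt in stmts:
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":             # shorthand for "anyone"
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value == TASK_PRINCIPAL:
                    trusted = True
                else:
                    findings.append(f"additional trusted entity {kind}: {value}")
    if not trusted:
        findings.insert(0, f"{TASK_PRINCIPAL} is not trusted, so ECS tasks cannot assume this role")
    return findings

def _trust(service):
    """Build a constructed sample trust policy for one service principal."""
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Principal": {"Service": service}, "Action": "sts:AssumeRole"}]}

# Constructed samples, shaped like Role.AssumeRolePolicyDocument from `aws iam get-role`.
SERVICE_ROLE_TRUST = _trust("ecs.amazonaws.com")  # trusted entity shown in the review step
TASK_ROLE_TRUST = _trust(TASK_PRINCIPAL)

if __name__ == "__main__":
    for name, doc in [("service-role trust", SERVICE_ROLE_TRUST), ("task-role trust", TASK_ROLE_TRUST)]:
        print(name, "->", check_task_role_trust(doc) or "OK")
```

To check a real role, pass the `Role.AssumeRolePolicyDocument` value from `aws iam get-role --role-name <role name>` to `check_task_role_trust`.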

Managing IAM Policies

Managing IAM Policies

Create an IAM Policy

Creating an IAM Policy:

Creating IAM Policies

Edit an IAM Policy

Editing IAM Policies