AWS Security Operations: Difference between revisions
| Line 60: | Line 60: | ||
IAM Console: https://us-west-2.console.aws.amazon.com/iam/home#roles -> Create Role | IAM Console: https://us-west-2.console.aws.amazon.com/iam/home#roles -> Create Role | ||
Select type of trusted entity: "AWS service" | |||
Choose the service that will use this role: "Elastic Container Service" | |||
Select | Select your use case: "Elastic Container Service Task: Allows ECS tasks to call AWS services on your behalf." | ||
Next: Permissions | |||
Select | Select: AmazonECS_FullAccess ("Provides administrative access to Amazon ECS resources and enables ECS features through access to other AWS service resources, including VPCs, Auto Scaling groups, and CloudFormation stacks") | ||
Set permissions boundary: Create role without permissions boundary | |||
Next: Tags | Next: Tags | ||
| Line 77: | Line 76: | ||
Next: Review | Next: Review | ||
Role name: | Role name: PlaygroundThemysciraTaskRole | ||
Description: The ECS task role for the playground-themyscira task definition. | |||
Trusted entities AWS service: ecs.amazonaws.com | Trusted entities: AWS service: ecs-tasks.amazonaws.com | ||
Policies: | {{Warn|Only roles that have "ecs-tasks.amazonaws.com" as Trusted entity are shown in the Task Role drop-down on Task Definition creation, so make sure that "Trusted entities" contains "AWS service: ecs-tasks.amazonaws.com"}} | ||
Policies: AmazonECS_FullAccess | |||
Permissions boundary: Permissions boundary is not set | Permissions boundary: Permissions boundary is not set | ||
Create Role. | |||
==Managing IAM Policies== | ==Managing IAM Policies== | ||
Revision as of 05:56, 6 February 2019
Internal
Setting AWS Credentials
Create a Key Pair
Amazon AWS instance access key pairs are explained here.
External reference for the procedures to create (or import) a key pair: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-key-pair
This procedure describes how to create the em provisioning key pair:
Go to the EC2 console https://us-west-2.console.aws.amazon.com/ec2/v2/home.
Left tab -> Network and Security -> Key Pairs -> Create Key Pair
The key is created and the file containing the private key is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.
Create a Security Group
Create a Security Group http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-base-security-group
List the Security Groups
EC2 Console -> Resources -> Security Groups.
IAM Operations
Create an IAM User
Creating an IAM user:
Create an IAM Group
Creating an IAM group:
Create an IAM Role
Creating an IAM role:
Create an ECS Task Role
This is the procedure to create an ECS task definition task role.
IAM Console: https://us-west-2.console.aws.amazon.com/iam/home#roles -> Create Role
Select type of trusted entity: "AWS service"
Choose the service that will use this role: "Elastic Container Service"
Select your use case: "Elastic Container Service Task: Allows ECS tasks to call AWS services on your behalf."
Next: Permissions
Select: AmazonECS_FullAccess ("Provides administrative access to Amazon ECS resources and enables ECS features through access to other AWS service resources, including VPCs, Auto Scaling groups, and CloudFormation stacks")
Set permissions boundary: Create role without permissions boundary
Next: Tags
Next: Review
Role name: PlaygroundThemysciraTaskRole
Description: The ECS task role for the playground-themyscira task definition.
Trusted entities: AWS service: ecs-tasks.amazonaws.com
Only roles that have "ecs-tasks.amazonaws.com" as Trusted entity are shown in the Task Role drop-down on Task Definition creation, so make sure that "Trusted entities" contains "AWS service: ecs-tasks.amazonaws.com"
Policies: AmazonECS_FullAccess
Permissions boundary: Permissions boundary is not set
Create Role.
Managing IAM Policies
Create an IAM Policy
Creating an IAM Policy: