Become an AWS pro by understanding IAM, learning to write policies, and configuring access. Get hands-on with realistic examples, developed by AWS Solution Certified Architects. No setup, no cleanup, no hassle.

A Practical Guide to AWS IAM by Tamás Sallai_468 x 60 .png

This course is about how AWS IAM works and how to write policies to control access in an AWS account. In this course, you will learn how AWS APIs work, explore different parts of the requests made to the APIs and elaborates on how access is determined. Additionally, you will dive into how to configure access inside AWS by describing the policy structure and the 5 policy types AWS supports.

Further, you will become familiar with how the elements in the request and the policies fit together. You will also determine whether the operation is allowed or denied by demonstrating through several step-by-step realistic examples that show exactly how IAM evaluates access, thus providing templates for how to apply these protections to AWS environments.

Lastly, this course offers you some practical tips on how to secure an account both as an administrator and as a developer. It explains the best practices and the usual pitfalls of AWS security.

AWS Security Fundamentals: A Practical Guide to AWS IAM

**CloudTrail** is a security service that captures what is happening inside the account and across multiple accounts. It stores data about most calls to the AWS APIs and allows browsing their metadata. It's primarily a security service, designed to help uncover how a breach happened, but it allows *some* insight into what is in a call that is made to the APIs.

# What does CloudTrail store?
CloudTrail stores logs for 90 days, but it's a best practice to configure it to send them to an S3 bucket for permanent storage. We can configure a **trail** to do that. But even without any configuration, we can go to the Console and browse the last events.

> **Note:** It can take up to 15 minutes for an event to appear in CloudTrail.

CloudTrail stores the event name, which is usually the name of the action, and the event source which corresponds to the prefix of the action. It also contains the identity of who initiated the call, and some additional metadata, such as request parameters, the IP address, the AWS region, and if the response was a failure or a success.

Learn about CloudTrail, a security service, what it stores, its use, and why it is important in the context of AWS APIs.

Introduction

Access Control Basics

User Management using IAM

IAM Policies

Request Evaluation Flow and Examples

Role Management Using Identity and Access Management (IAM)

How to Secure an AWS Account

Conclusion

Appendix

CloudTrail logging

What does CloudTrail store?