AWS IAM, Accounts, and Organizations Deep Dive
Published by Pearson
A Practical Approach to Managing AWS Security with Identity and Access Management
- Hone your IAM skills and learn to manage users, groups, roles, and policies, including cross-account roles
- Learn how explicit and implicit denies impact your permissions, how you can pass roles to AWS services, and how to use SAML and Web Identity Federations
- Understand how to use multiple VPCs and AWS accounts to isolate resource permissions, and how to use AWS Organizations and Service Control Policies
Security knowledge is an absolute necessity for anyone who manages an AWS account. AWS IAM, Accounts, and Organizations Deep Dive is an intensive training that focuses on AWS Identity and Access Management (IAM) design, administration, and security. You gain the required skills to quickly and easily create your IAM users, groups, roles, and policies, with a focus on maximizing security using the principle of least privilege.
You start with the absolute basics and build to more advanced topics as the training progresses. Understanding the shared responsibility model, the principle of least privilege, root user vs. IAM users, and Day 1 AWS Account Security provides the foundation for IAM knowledge. You learn to configure IAM users, groups, roles, and policies.
You gain a much deeper understanding of critical IAM policies, and how policy conflicts are handled. We examine how to pass roles to AWS Services, and how to configure cross-account roles and allow the assumption of roles. You also learn how to use tools such as IAM Policy Simulator and IAM Access Analyzer to help create effective policies.
You learn about design patterns for multiple AWS Accounts and VPCs and how to manage multiple accounts using AWS Organizations. Finally, you examine Service Control Policies (SCPs) and how they can control the services available to AWS accounts.
What you’ll learn and how you can apply it
- How to use IAM Users, Groups, Roles, and Policies
- IAM Role-based Access Control, policy conflicts, passing roles to AWS services, switching roles and cross-account roles
- How to use SAML Identity Federation and Web Identity Federations
- AWS Organizations, Consolidated Billing, and Service Control Policies (SCPs)
And you’ll be able to:
- Create and configure IAM users, Groups, Roles, and Policies
- Configure cross-account roles and allow AWS services and users to assume roles
- Manage multiple AWS Accounts with AWS Organizations and Service Control Policies
- Apply AWS Security concepts including shared responsibility, least privilege, root vs. IAM, and multi-factor authentication
This live event is for you because...
- You are an AWS beginner or intermediate student who needs to understand IAM and multiple AWS accounts
- You are a certification candidate for any of the following exams: AWS Solutions Architect (Associate and Professional), AWS Security Specialty, or SysOps Administrator Associate
Prerequisites
- A basic familiarity with AWS and the AWS Console
Course Set-up
- Access to an AWS account that you can experiment with (optional if you would like to follow along with the hands-on portion)
Recommended Preparation
- Attend: Hands-on with AWS EC2 and EBS by Rick Crisci
Recommended Follow-up
- Attend: AWS Security Deep Dive: VPCs, Networking, and DDoS Mitigation by Rick Crisci
- Attend: Hands-on with AWS CloudFormation by Rick Crisci
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Segment 1: AWS Security Concepts Length (30 min)
- The Shared Responsibility Model
- The principle of Least Privilege
- Root user vs. IAM users
- Day 1 AWS Account Security
Segment 2: IAM Basics Length (40 min)
- Users and Groups
- IAM Roles
- Password Policies
- Multi-Factor Authentication
- IAM Policy basics
- IAM Policy conditions
- Explicit and Implicit Denies
- Break (10 min)
Segment 3: IAM Permissions Deep Dive Length (60 min)
- Role-based Access Control
- Attribute-based Access Control
- Explicit and Implicit Denies
- Passing Roles to AWS Services
- Switching Roles and Cross-Account Roles
- IAM Policy Simulator
- IAM Access Analyzer
- Break (10 min)
Segment 4: STS and Identity Federations Length (30 min)
- Assuming a role
- SAML Identity Federations
- Web Identity Federations
Segment 5: Accounts and Organizations Length (40 min)
- Design pattern: Multi-VPC vs. Multi-Account
- AWS Organizations and Consolidated Billing
- Service Control Policies (SCPs)
Q&A – 20 minutes
Your Instructor
Rick Crisci
Rick Crisci is the owner of TrainerTests.com, a leading online learning and test preparation platform. His original courses have been featured on multiple platforms including Pearson, LinkedIn Learning, and Udemy. Rick has created over 30 courses and has taught over 250,000 students. Rick is also the co-author of the AWS Certified SysOps Administrator - Associate Exam Cram book.
After over 15 years of real-world info systems and telecommunications experience, Rick became a VMware Certified instructor in 2013. Shortly after, he became an AWS Certified instructor. Rick still regularly teaches live AWS courses focused on exam preparation. VMware has recognized Rick as the first-place Instructor of the Year for the Americas due to the glowing feedback from his students.
Rick’s company, TrainerTests.com, provides video training, practice exams, and live training services. Rick has created many AWS courses for this platform including AWS Certified Solutions Architect - Associate, Certified Network Specialty, Certified Security Specialty, Reducing AWS costs, and much more.
Skills covered
- Amazon Web Services (AWS)
- AWS Certified Security - Specialty