O'Reilly logo
live online training icon Live Online training

AWS Administration Essentials: Security, Identity, and Access Management

Topic: Web Ops & Performance
Mark Wilkins

AWS Identity and Access Management (IAM) is the essential security tool embedded into every AWS service. If you’re a system administrator or cloud architect working with AWS (or are about to), this course will show you how to use IAM to properly secure your hosted AWS resources and data storage locations by controlling authentication and access to those resources

Expert Mark Wilkins covers all aspects of creating and maintaining IAM policies for users, groups, roles, and service linked roles. Topics include the operation and management of security using Identity and Access Management, understanding the authentication and authorization processes, and permission policies used to control access. Along the way, Mark walks you through tools and utilities such as the credential manager, the access advisor, the policy simulator, and many others.

What you'll learn-and how you can apply it

By the end of this live online course, you’ll understand: - How to manage your AWS account using IAM - How to create IAM users and groups - How to deploy IAM roles for hosted applications and AWS accounts

And you’ll be able to: - Create custom IAM policies - Manage IAM security settings and controls - Secure the root account of your AWS account - Use Identity and Access Management to properly secure AWS accounts and resources

This training course is for you because...

  • You’re a system administrator moving to AWS, and you need to learn about available security services.
  • You’re a cloud architect responsible for AWS design, and you need to understand how to properly secure your application stacks.
  • You’re a security auditor who wants to fully understand how security is deployed in the AWS cloud.
  • You’re an IT professional who needs to develop AWS technical knowledge and skills for daily operation and migration.


  • A basic understanding of cloud technology and computing
  • Experience in networking, system administration, and working with virtualized resources (useful but not required)

Recommended preparation: - Familiarize yourself with AWS IAM by watching portions of AWS IAM: The Cloud Engineer's Secure Cloud Handbook (video, 2h 51m)

Recommended follow-up: - Finish AWS IAM: The Cloud Engineer's Secure Cloud Handbook (video, 2h 51m) - Read AWS Certified Solutions Architect Official Study Guide (book) - Read Learning Amazon Web Services (AWS): A Hands-On Guide to the Fundamentals of AWS Cloud (book)

About your instructor

  • Mark Wilkins has more than 20 years’ experience designing, deploying, and supporting software and hardware technology in the corporate and small business world. Currently, Mark provides training and consulting services to corporate customers throughout North America. Previously, as course director for Global Knowledge, Mark developed and taught technical seminars and developed courseware for the 2008 Microsoft official curriculum stream.

    Since 2010, Mark has focused on cloud services, including Amazon Web Services, Microsoft Azure, and IBM SoftLayer. Mark holds Amazon Web Services Architect - Associate and AWS Sys-Ops - Associate as well as certifications in MCSA (2012) He is the author of Learning AWS which has been published in 2019 by Pearson Education.


The timeframes are only estimates and may vary according to how the class is progressing

What is AWS Identity and Access Management (IAM)? (10 minutes) - Presentation: IAM features and functionality; granular permissions for different users and resources; securing access to AWS resources for hosted applications; multifactor authentication (for individual users and AWS accounts); identity federation (for corporate users or internet identity providers); eventual consistency through a high-availability design

Working with IAM (15 minutes) - Presentation: The AWS Management Console; using the command line (CLI)—AWS command-line tools and AWS tools for Windows PowerShell - Hands-on exercises: Explore IAM using the Management Console and CLI

IAM terms (10 minutes) - Presentation: Resources—User, Group, Role, Policy, and Identity provider objects; identities—where policies can be attached; entities—resource objects that can authenticate to an AWS account; principles—What can make authentication and authorization requests to IAM? - Hands-on exercises: Identify resources; attach and detach policies

IAM in operation (15 minutes) - Presentation: Controlling authentication and authorization requests; making requests for AWS resources; authenticating to AWS; authorization to AWS resources; IAM actions and operations - Hands-on exercises: Perform IAM actions

Break (10 minutes)

IAM in operation, continued (25 minutes) - Presentation: Root user credentials; IAM users; IAM groups—delegating permissions; federating existing users - Hands-on exercises: Authenticate as the root user; create IAM users; create IAM groups; explore federation

Access management with permissions and policies (20 minutes) - Presentation: Policies and AWS accounts; AWS organizations for large multi-AWS account deployments; policy summary tables—access level, resources, and conditions allowed or denied; policies for IAM users and groups; creating identity-based and resource-based policies; selecting managed policies; customer managed policies for custom needs; resource-based policies for storage resources; inline policies; permission boundaries for additional control - Hands-on exercises: Explore AWS organizations; attach managed policies; review permission boundaries

IAM roles (10 minutes) - Presentation: Roles for hosted applications; roles for cross account access - Hands-on exercises: Create and attach roles for EC2 instance and application; set up cross-account access

Break (10 minutes)

IAM roles, continued (15 minutes) - Presentation: When to create a role or IAM user; service-linked roles - Hands-on exercises: Explore service-linked roles

IAM best practices (20 minutes) - Presentation: Locking away AWS account root user access keys; using groups to assign permissions; configuring a strong password policy; enabling MFA; rotating credentials; using policy conditions - Hands-on exercises: Remove access keys from root user; configure MFA

Managing IAM users (20 minutes) - Presentation: Troubleshooting with the policy simulator; credential manager; access manager; resetting passwords; IAM access advisor; monitoring activity in your AWS account with CloudTrail and CloudWatch - Hands-on exercises: Use the policy simulator; review user account details with credential manager and access manager; monitor authentication activity with CloudTrail