AWS Security

Security and Fine Grained Access Control (FGAC) in DynamoDB

Fine Grained Access Control (FGAC) gives a DynamoDB table owner a high degree of control over data in the table. The table owner can indicate who (caller) can access which items or attributes of the table and perform what actions (read / write capability). FGAC is used in concert with AWS IAM, which manages the security credentials and the associated permissions.

Understanding Security Groups for EC2

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. To decide whether to allow traffic to reach an instance, AWS evaluates all the rules from all the security groups that are associated with the instance.

Security groups are not limited to EC2; they can also be used with other services such as RDS.

 

[Lab] Understanding Security Groups for EC2

We will experiment with security groups and EC2. This lab assumes that you can create an EC2 instance, connect to it and do basic operations.

 

Steps:

  1. Create an EC2 instance of type t2.micro. Reuse the security group and the key pair we created in previous labs. Note: You may also create a new security group, but allow HTTP and HTTPS in addition to SSH.

  2. Log in over SSH using the public IP, and elevate to root:

AWS Security Credentials - Basics

The type of security credentials to use depends on how we interact with AWS: the Management Console, or tools such as the CLI or SDKs. For instance, the sign-on credentials created during account creation are used to log in to the admin console, whereas access credentials are used with APIs and tools.