Generating authentication keys

Authentication is an important feature of any product or platform: it checks the authenticity of a user who is trying to access the product and perform operations on it, and it helps keep the system secure. Since we are going to access the AWS account using APIs, we need authorization keys to validate our requests. This is where an important AWS service called IAM (Identity and Access Management) enters the picture.

In IAM, we define users, generate access/secret keys for them, and assign roles based on the resources we want to access with those keys.

It is highly recommended NEVER to generate access/secret keys as the root user, because those keys will have, by default, full access to your account.

The following are the steps to create a user, and to generate access/secret keys:

  1. Go to https://console.aws.amazon.com/iam/home?region=us-east-1#/home; you should see the following screen:
  2. Now, click on the third option, named Users, in the left pane. If your account is new, you will see no users. Let's create a new user; to do so, click on the Add user button in the right pane:
  3. Once you click on the Add user button, a new page will load and ask for the username and the way you want your user to access the account. If you are going to use this user (for example, manish) only for programmatic purposes, I recommend that you uncheck the AWS Management Console access box so that the user doesn't need to log in using the AWS management console. Check the following screenshot for reference:
  4. Once you are done, click on the Next: Permissions button on the bottom-right side of the screen. Next, you need to select the permissions you want to give to this user, which we call IAM Policies. The policy defines which resources the user can access and which operations the user is allowed to perform on them. For now, we add the Power User Access policy to this user.
  5. Internally, Power User Access will have a policy in the JSON format, something like this:
     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "NotAction": [
             "iam:*",
             "organizations:*"
           ],
           "Resource": "*"
         },
         {
           "Effect": "Allow",
           "Action": "organizations:DescribeOrganization",
           "Resource": "*"
         }
       ]
     }

For more information about the IAM policy, read the documentation at the following link: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
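To see what this policy actually grants, the following added example (not from the book or from AWS) evaluates the two statements shown above against a few action names chosen for illustration. It is a simplified evaluator for a single identity policy and assumes no Condition or NotResource elements, permission boundaries, or organization-level policies are in play.

```python
import fnmatch

# The policy as printed on this page (not fetched from AWS).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "NotAction": ["iam:*", "organizations:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "organizations:DescribeOrganization", "Resource": "*"},
    ],
}


def _as_list(value):
    """Policy elements may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, value, fold=str):
    """Wildcard match ('*' and '?'); pass fold=str.lower to ignore case."""
    return any(fnmatch.fnmatchcase(fold(value), fold(p)) for p in _as_list(patterns))


def statement_applies(stmt, action, resource):
    """True when the statement's action and resource elements cover the request."""
    if "NotAction" in stmt:
        # NotAction matches every action EXCEPT the listed ones.
        action_ok = not _matches(stmt["NotAction"], action, str.lower)
    else:
        action_ok = _matches(stmt.get("Action", []), action, str.lower)
    return action_ok and _matches(stmt.get("Resource", []), resource)


def evaluate(policy, action, resource="*"):
    """Return 'Deny' (explicit), 'Allow', or 'ImplicitDeny' for one identity policy."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not statement_applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny always wins
        decision = "Allow"
    return decision


if __name__ == "__main__":
    for act in ("s3:GetObject", "ec2:TerminateInstances", "iam:CreateAccessKey",
                "organizations:DescribeOrganization", "organizations:LeaveOrganization"):
        print(f"{act:40} {evaluate(POLICY, act)}")
```

The IAM actions come back as an implicit deny, not an explicit one: `NotAction` combined with `Allow` only withholds the grant, so any other policy attached to the same user can still allow IAM actions.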

Readers who have been using Microsoft Active Directory can integrate AD with IAM easily using the AD connector. For more info, read the article given at this link: https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/

Consider the following screenshot:

  6. Once you have added the policies to the user, click on the Next: Review button on the bottom-right side of the screen to move forward.
  7. The next screen will ask you to review it, and once you are sure, you can click on the Create user button to create the user:
  8. Once you click on the Create user button, the user will be created, and the policy will be attached to it. You will now see the following screen which has auto-generated the access key as well as the secret key, which you need to keep safe and NEVER ever share with anyone:
  9. Now that our access/secret key has been generated, it's time to build our application infrastructure on AWS. We will use the following tools to do so:
  • Terraform: This is an open-source tool for building infrastructure on different cloud platforms
  • CloudFormation: This is an AWS service for building application infrastructure using AWS resources