AWS User Security Tools


AWS provides security tools in the form of reports and advisors that let you see what your users have been doing and what services they actually use. We will cover the IAM Credential Report and IAM Access Advisor.

1.  The following is required before you create an IAM user for your AWS Free Tier account.

  • An active AWS account with admin-level permissions.

2.  Log on to AWS as an IAM user at URL:  https://signin.aws.amazon.com/

3.  In the search bar type IAM, highlight the star next to IAM (so it will appear on your Console) and select IAM.

4.  On the left-hand side of the screen, scroll down and select Credential report.

5.  Select Download credentials report.

6.  A CSV file is downloaded listing each user and the status of their credentials (password, MFA, access keys, and when each was last used or rotated) along with other pertinent information.

7.  Now we will go to IAM Access Advisor. Back on the IAM left-hand menu, select Users.

8.  Click on the user name you are interested in; in this example, ljcatt_aws.

9.  Click on Last Accessed to view the AWS services used.

10.  You will see a report of which services have been used and which have not.
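The credential report downloaded in step 6 is the raw material for a periodic review: which users have a console password but no MFA, which access keys are old, and which keys are active but never used. The following is an added example (not code from the original article) that parses a constructed credential report in the real report's CSV layout (a subset of the columns) and returns a list of findings; the thresholds of 90 days for key age and 45 days of inactivity, the fixed "now" date, and the user names are assumptions for the sample.

```python
"""Review an IAM credential report CSV for weak or stale credentials (added example)."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the credential report layout (subset of the real columns).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2022-01-10T09:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,false,false,N/A,N/A,false,N/A,N/A
ljcatt_aws,arn:aws:iam::123456789012:user/ljcatt_aws,2023-03-01T12:00:00+00:00,true,2024-05-20T08:00:00+00:00,2024-05-01T08:00:00+00:00,true,true,2023-03-01T12:00:00+00:00,2024-05-19T07:00:00+00:00,false,N/A,N/A
svc_deploy,arn:aws:iam::123456789012:user/svc_deploy,2023-06-15T12:00:00+00:00,false,no_information,N/A,false,true,2024-05-10T12:00:00+00:00,no_information,true,2024-04-01T12:00:00+00:00,2024-05-21T00:00:00+00:00
"""

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" (assumption) so results are reproducible
MAX_KEY_AGE = timedelta(days=90)      # assumed rotation policy
INACTIVE_AFTER = timedelta(days=45)   # assumed inactivity threshold


def parse_ts(value):
    """Return an aware datetime for an ISO timestamp, or None for the report's N/A-style markers."""
    if not value or value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def findings_for_user(row, now=NOW):
    """Return a list of (user, finding) tuples for one credential report row."""
    user = row["user"]
    out = []
    # Root should never carry active access keys and should always have MFA.
    if user == "<root_account>":
        if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
            out.append((user, "root has an active access key"))
        if row["mfa_active"] != "true":
            out.append((user, "root MFA not active"))
        return out
    # Console users without MFA.
    if row["password_enabled"] == "true" and row["mfa_active"] != "true":
        out.append((user, "console password without MFA"))
    # Access key age and use, for each active key slot.
    for n in ("1", "2"):
        if row[f"access_key_{n}_active"] != "true":
            continue
        rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
        if rotated and now - rotated > MAX_KEY_AGE:
            out.append((user, f"access key {n} older than {MAX_KEY_AGE.days} days"))
        last_used = parse_ts(row[f"access_key_{n}_last_used_date"])
        if last_used is None or now - last_used > INACTIVE_AFTER:
            out.append((user, f"no use of access key {n} in the last {INACTIVE_AFTER.days} days"))
    return out


def audit_credential_report(csv_text, now=NOW):
    """Parse the whole report and collect findings for every row."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    for row in reader:
        findings.extend(findings_for_user(row, now))
    return findings


if __name__ == "__main__":
    for user, msg in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {msg}")
```

To run it against a real download, read the CSV file into a string and pass it to audit_credential_report; the column names used here are those of the actual report, so no remapping is needed.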

AWS Creating IAM Roles for Services

AWS services execute processes that need permissions, much like an IAM user account does. Instead of giving a service user credentials, you create an IAM role, grant permissions to the role, and then assign the role to the service.

Common Roles are:

  • EC2 Instance Role
  • Lambda Function Role
  • Roles for CloudFormation

1.  Log on to AWS as an IAM user at URL:  https://signin.aws.amazon.com/

2.  In the search bar type IAM, highlight the star next to IAM (so it will appear on your Console) and select IAM.

3.  On the left-hand side of the screen, scroll down and select Roles.

4.  The Roles console appears; select Create role.

5.  A 3-step process is presented. The first step is to select the trusted entity you are creating the role for. There are 5 entity types: AWS service, AWS account, Web identity, SAML, and Custom trust policy. We will choose AWS service, and for the service it applies to, choose EC2.

6.  On the next page we attach policies to the new role, basically a defined list of permissions. We will give the role permission to read from IAM with the managed policy IAMReadOnlyAccess. Click Next.

7.  On the next page you give the role a name and description, and you are shown the JSON trust policy for the new role. Click on Create role.

8.  The new role will appear in your role list.

9.  This role can now be applied to an EC2 instance. We do not have one yet; that will be covered in another article.
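The JSON shown in step 7 is the role's trust policy: it names who may assume the role (here the EC2 service), while IAMReadOnlyAccess from step 6 defines what the role may do once assumed. The following added example (not the article's code or an AWS-provided sample) builds that trust policy, checks a trust policy for the mistakes that matter most in review (a wildcard principal, or an account principal with no Condition), and wraps the two boto3 IAM calls the console makes on your behalf. The role name and the recording dry-run client are assumptions for the example; with real credentials you would pass boto3.client("iam") instead.

```python
"""Build, check and apply the trust policy behind an EC2 service role (added example)."""
import json

# Managed policy attached in step 6 of the walkthrough.
IAM_READ_ONLY_ARN = "arn:aws:iam::aws:policy/IAMReadOnlyAccess"


def service_trust_policy(service="ec2.amazonaws.com"):
    """Trust policy that lets a single AWS service assume the role (the 'AWS service' entity type)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": service},
            "Action": "sts:AssumeRole",
        }],
    }


def trust_policy_findings(policy):
    """Return review findings: wildcard principals, or account principals without a Condition."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in principal.values()):
            findings.append(f"statement {i}: wildcard principal lets any caller assume the role")
        elif isinstance(principal, dict) and "AWS" in principal:
            aws = principal["AWS"]
            aws_list = aws if isinstance(aws, list) else [aws]
            if "*" in aws_list:
                findings.append(f"statement {i}: wildcard AWS principal")
            elif not st.get("Condition"):
                findings.append(f"statement {i}: account principal without a Condition (e.g. sts:ExternalId)")
    return findings


class RecordingIamClient:
    """Dry-run stand-in for boto3's IAM client (assumption): records calls instead of making them."""

    def __init__(self):
        self.calls = []

    def create_role(self, **kwargs):
        self.calls.append(("create_role", kwargs))

    def attach_role_policy(self, **kwargs):
        self.calls.append(("attach_role_policy", kwargs))


def create_ec2_role(iam_client, role_name, description="EC2 role with read-only IAM access"):
    """Create the role with the EC2 trust policy and attach IAMReadOnlyAccess; returns the trust policy."""
    policy = service_trust_policy()
    if trust_policy_findings(policy):
        raise ValueError("refusing to create role with a risky trust policy")
    # These are the real boto3 IAM client method names and keyword arguments.
    iam_client.create_role(
        RoleName=role_name,
        AssumeRolePolicyDocument=json.dumps(policy),
        Description=description,
    )
    iam_client.attach_role_policy(RoleName=role_name, PolicyArn=IAM_READ_ONLY_ARN)
    return policy


if __name__ == "__main__":
    client = RecordingIamClient()  # swap for boto3.client("iam") to create the role for real
    create_ec2_role(client, "ec2-iam-readonly")
    for name, kwargs in client.calls:
        print(name, json.dumps(kwargs, indent=2))
```

The check in trust_policy_findings is the one a reviewer applies to the JSON from step 7: a service principal such as ec2.amazonaws.com is scoped by design, whereas a Principal of "*" or a bare account principal with no Condition widens who can assume the role far beyond what the walkthrough intends.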