07 - EC2 w/ S3 Role Lab

Question 1

What are IAM Roles?

Answer 1

• IAM roles are a secure way to grant permissions to entities that you trust.
• IAM roles issue keys that are valid for short durations, making them a more secure way to grant access.
• Examples of entities include the following:
  
  • IAM user in another account
  • Application code running on an EC2 instance that needs to perform actions on AWS resources
  • An AWS service that needs to act on resources in your account to provide its features
  • Users from a corporate directory who use identity federation with SAML

Question 2

EC2 w/ S3 Roles

Answer 2

EC2 w/ S3 Roles

• Roles allow you to not use Access Key IDs and Secret Access Keys
• Roles are preferred from a security perspective
• Roles are controlled by policies
• Roles are universal and can be applied against multiple EC2 instances
• Roles are always preferred from a security perspective (Access Keys / Secret Access are not preferred)
• You can change the policy on a role and it will take immediate effect
• You can edit the policy and it will affect all EC2 instances with the Role attached
• You can attach and detach roles from running EC2 instances without having to stop or terminate the instance

Question 3

Identity Access Management via Roles

Answer 3

• Can access without needing to store credentials if the role is attached to the instance

Question 4

How do you assume a role?

Answer 4

• You can switch roles from the
  
  • AWS Management Console.
• You can assume a role by calling an
  
  • AWS CLI
  • API operation
  • By using a custom URL
• What are the implications?
  
  • The method that you use determines who can assume the role and how long the role session can last.