Thursday, June 17, 2021

AWS Cognito, Policy Generator, Policy Simulator, IAM Policy Visual Editor

AWS Identities:

1) Users

2) User groups

3) Roles

4) Temporary security credentials (issued by STS, not a standing identity of their own)


https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

https://wellarchitectedlabs.com/reliability/300_labs/300_testing_for_resiliency_of_ec2_rds_and_s3/documentation/aws_credentials/



API Gateway 

https://www.youtube.com/watch?v=0dVL70Ayq5I


https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html   API Gateway + Lambda

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken


IAM > Identity providers > Create Identity Provider

OpenID Connect (OIDC) vs SAML 2.0 (e.g. ADFS, Active Directory Federation Services)



Role can be assigned to

AWS service

EC2, Lambda and others


Another AWS account

Belonging to you or 3rd party


Web identity

Cognito or any OpenID provider


SAML 2.0 federation

Your corporate directory


Choose an API type

HTTP API

Build low-latency and cost-effective REST APIs with built-in features such as OIDC and OAuth2, and native CORS support. (Auth for an HTTP API is a JWT authorizer; the classic REST API type is the one with a dedicated Cognito user pool authorizer.)

Works with the following:

Lambda, HTTP backends


WebSocket API

Build a WebSocket API using persistent connections for real-time use cases such as chat applications or dashboards.



Roles and users are both AWS identities with permissions policies; the difference is that a role has no long-term credentials and is assumed.

Roles can be used by the following:

An IAM user in the same AWS account as the role

A web service offered by AWS such as Amazon Elastic Compute Cloud (Amazon EC2)

An external user authenticated by an external identity provider (IdP) service that is compatible with SAML 2.0 or OpenID Connect.

Applications running on an EC2 instance with an instance profile retrieve temporary security credentials for the role from the instance metadata service and can perform only the actions the role allows.
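The "Role can be assigned to" list above and the "Roles can be used by" list are the same four principal types seen from the trust-policy side. The following is an added example (not code from the original notes and not AWS's own) that builds the trust policy for each type and lints it for the guard a reviewer expects: an ExternalId on cross-account trust, the identity-pool `aud` on Cognito trust (this is what ties an Identity Pool to a Role), and `SAML:aud` on SAML trust. Account IDs, the ExternalId, the identity pool ID and the SAML provider name are placeholders.

```python
"""Trust policies for the four principal types, plus a lint for the conditions a
reviewer expects on each.  Added example; not from the original notes or from AWS.
Account IDs, ExternalId, identity pool ID and SAML provider name are placeholders."""
import json

OWN_ACCOUNT = "111111111111"                 # placeholder: account that owns the role
PARTNER_ACCOUNT = "222222222222"             # placeholder: third-party account
EXTERNAL_ID = "replace-with-random-secret"   # placeholder, shared out of band
IDENTITY_POOL = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder
SAML_PROVIDER = f"arn:aws:iam::{OWN_ACCOUNT}:saml-provider/CorpADFS"  # placeholder


def _doc(statement: dict) -> dict:
    return {"Version": "2012-10-17", "Statement": [dict(Effect="Allow", **statement)]}


def service_trust(service: str) -> dict:
    """AWS service, e.g. ec2.amazonaws.com or lambda.amazonaws.com."""
    return _doc({"Principal": {"Service": service}, "Action": "sts:AssumeRole"})


def cross_account_trust(account_id: str, external_id: str) -> dict:
    """Another AWS account; sts:ExternalId guards against the confused deputy."""
    return _doc({
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    })


def cognito_trust(pool_id: str) -> dict:
    """Web identity via a Cognito identity pool, pinned to one pool and to
    authenticated identities (the Identity Pool + Role link)."""
    return _doc({
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": pool_id},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    })


def saml_trust(provider_arn: str) -> dict:
    """SAML 2.0 federation; SAML:aud pins the assertion to the AWS sign-in endpoint."""
    return _doc({
        "Principal": {"Federated": provider_arn},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}},
    })


def lint_trust_policy(policy: dict, own_account: str = OWN_ACCOUNT) -> list:
    """Human-readable findings for trust statements that lack the usual guards."""
    findings = []
    for st in policy["Statement"]:
        principal = st.get("Principal", {})
        if isinstance(principal, str):            # "Principal": "*" shorthand
            principal = {"AWS": principal}
        equals = st.get("Condition", {}).get("StringEquals", {})
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        aws_principals = principal.get("AWS", [])
        if isinstance(aws_principals, str):
            aws_principals = [aws_principals]
        for p in aws_principals:
            if p == "*":
                findings.append("wildcard principal: any AWS account may assume this role")
            elif own_account not in p and "sts:ExternalId" not in equals:
                findings.append(f"cross-account trust for {p} without sts:ExternalId")
        if (principal.get("Federated") == "cognito-identity.amazonaws.com"
                and "cognito-identity.amazonaws.com:aud" not in equals):
            findings.append("Cognito trust not pinned to an identity pool (aud)")
        if "sts:AssumeRoleWithSAML" in actions and "SAML:aud" not in equals:
            findings.append("SAML trust without SAML:aud condition")
    return findings


if __name__ == "__main__":
    for name, pol in [("ec2", service_trust("ec2.amazonaws.com")),
                      ("partner", cross_account_trust(PARTNER_ACCOUNT, EXTERNAL_ID)),
                      ("cognito", cognito_trust(IDENTITY_POOL)),
                      ("saml", saml_trust(SAML_PROVIDER))]:
        print(name, json.dumps(pol, indent=2), lint_trust_policy(pol) or "OK")
```

The lint is deliberately narrow: it only checks the trust (who may assume the role), not the permissions policy attached to it, which is what the Policy Simulator is for.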


https://sts.amazonaws.com

You can use AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. For more information about AWS STS, see Temporary security credentials in IAM. AWS STS is a global service that has a default endpoint at https://sts.amazonaws.com. AWS recommends the regional endpoints instead (for example https://sts.us-east-1.amazonaws.com), which keep the request in-region and avoid the single global endpoint; the CLI/SDK setting is sts_regional_endpoints = regional (or the AWS_STS_REGIONAL_ENDPOINTS environment variable).



EC2 is a service

Load balancers (Elastic Load Balancing) are managed from the EC2 console


https://awspolicygen.s3.amazonaws.com/policygen.html

https://policysim.aws.amazon.com/home/index.jsp?#

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_billing.html?icmpid=docs_iam_console#tutorial-billing-step2


IAM -> Policies -> Visual Editor (walk-through: step 2 of the billing tutorial linked above)
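The Policy Generator writes the JSON and the Policy Simulator answers "would this action on this resource be allowed?". The following is an added example (not the notes' own material and not AWS's code) that models the evaluation order the simulator applies to identity-based policies: a matching explicit Deny always wins, otherwise a matching Allow grants, otherwise the request is implicitly denied. It handles Action/NotAction and Resource/NotResource with IAM's `*` and `?` wildcards; Condition blocks are not modelled, so statements carrying one are treated as not applicable. The sample policy and bucket name are constructed.

```python
"""Model of IAM identity-policy evaluation (explicit Deny > Allow > implicit Deny).
Added example, not AWS's code.  Conditions are not modelled; the sample policy and
bucket name are constructed."""
import re


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _wild_to_re(pattern: str) -> str:
    # IAM policy wildcards: '*' is any run of characters, '?' is one character
    return "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"


def _matches(patterns, value: str, fold_case: bool) -> bool:
    flags = re.IGNORECASE if fold_case else 0
    return any(re.match(_wild_to_re(p), value, flags) for p in patterns)


def statement_applies(st: dict, action: str, resource: str) -> bool:
    """True when the statement's Action/Resource elements cover the request."""
    if "Condition" in st:          # not modelled here: treat as not applicable
        return False
    if "Action" in st:             # action names are matched case-insensitively
        action_ok = _matches(_as_list(st["Action"]), action, fold_case=True)
    else:
        action_ok = not _matches(_as_list(st.get("NotAction")), action, fold_case=True)
    if "Resource" in st:           # ARNs are case-sensitive
        resource_ok = _matches(_as_list(st["Resource"]), resource, fold_case=False)
    else:
        resource_ok = not _matches(_as_list(st.get("NotResource")), resource, fold_case=False)
    return action_ok and resource_ok


def evaluate(policies, action: str, resource: str) -> str:
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' (the simulator's vocabulary)."""
    allowed = False
    for policy in policies:
        for st in _as_list(policy.get("Statement")):
            if not statement_applies(st, action, resource):
                continue
            if st["Effect"] == "Deny":
                return "explicitDeny"     # a single matching Deny ends evaluation
            allowed = True
    return "allowed" if allowed else "implicitDeny"


# Constructed sample: read the bucket, write only under public/, never delete.
SAMPLE_POLICIES = [{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/public/*"},
        {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"},
    ],
}]

if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::example-bucket/a.txt"),
                     ("s3:PutObject", "arn:aws:s3:::example-bucket/public/x"),
                     ("s3:PutObject", "arn:aws:s3:::example-bucket/private/x"),
                     ("s3:DeleteObject", "arn:aws:s3:::example-bucket/public/x")]:
        print(f"{act:16} {res:45} {evaluate(SAMPLE_POLICIES, act, res)}")
```

The point the sample makes is the one the simulator makes: the broad `s3:*` Allow under `public/` does not override the `s3:Delete*` Deny, because Deny is evaluated before any Allow is considered. Real evaluation also folds in resource policies, permission boundaries, SCPs and session policies, which this model leaves out.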


IAM > Identity providers > Create Identity Provider

https://console.aws.amazon.com/iamv2/home?#/identity_providers



Route 53 > Hosted zones > Domain.com > Record Type A /CNAME etc


Identity Pool + Role: how does an identity pool map a signed-in user to an IAM role? (open question)


AWS Cognito (User Pool): how to get a token using Postman? (open question)


API Gateway + Cognito: how are they wired together? (open question)


API Gateway + AWS Cognito + EKS (open question)
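For the two Cognito questions above (getting a user pool token without the hosted UI, and what an API Gateway authorizer then checks), the following is an added example; it is not code from the original notes or from AWS. It builds exactly the request Postman would send to the user pool's InitiateAuth API (USER_PASSWORD_AUTH flow, which assumes the app client has ALLOW_USER_PASSWORD_AUTH enabled), computes the SECRET_HASH that app clients with a secret require, and checks the claims an authorizer validates after the signature check. Region, user pool ID, client ID, client secret and user credentials are placeholders; the unsigned token builder at the end exists only so the claim inspection can be exercised offline.

```python
"""Cognito user pool tokens via InitiateAuth, and the claim checks an API Gateway
authorizer applies.  Added example, not from the notes or from AWS.  Region, pool,
client and credential values are placeholders.  Assumes ALLOW_USER_PASSWORD_AUTH."""
import base64
import hashlib
import hmac
import json
import time
import urllib.request

REGION = "us-east-1"                       # placeholder
USER_POOL_ID = "us-east-1_EXAMPLE"         # placeholder
CLIENT_ID = "replace-with-app-client-id"   # placeholder


def secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """SECRET_HASH = Base64(HMAC-SHA256(key=client_secret, msg=username + client_id)).
    Needed only when the app client was created with a client secret."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def build_initiate_auth(region, client_id, username, password, client_secret=None):
    """URL, headers and JSON body of the InitiateAuth call (what Postman sends).
    The call is unsigned: no AWS credentials or Authorization header are involved."""
    params = {"USERNAME": username, "PASSWORD": password}
    if client_secret:
        params["SECRET_HASH"] = secret_hash(username, client_id, client_secret)
    body = {"AuthFlow": "USER_PASSWORD_AUTH", "ClientId": client_id, "AuthParameters": params}
    headers = {"Content-Type": "application/x-amz-json-1.1",
               "X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"}
    return f"https://cognito-idp.{region}.amazonaws.com/", headers, body


def get_tokens(region, client_id, username, password, client_secret=None) -> dict:
    """Perform the call (network); returns the AuthenticationResult dict with
    IdToken, AccessToken, RefreshToken and ExpiresIn."""
    url, headers, body = build_initiate_auth(region, client_id, username, password, client_secret)
    req = urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        reply = json.load(resp)
    if "ChallengeName" in reply:   # e.g. NEW_PASSWORD_REQUIRED or an MFA challenge
        raise RuntimeError(f"auth challenge pending: {reply['ChallengeName']}")
    return reply["AuthenticationResult"]


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def peek_claims(jwt: str) -> dict:
    """Decode the payload WITHOUT verifying the signature; for inspection only."""
    return json.loads(_b64url_decode(jwt.split(".")[1]))


def check_claims(claims: dict, region: str, user_pool_id: str, client_id: str, now=None) -> list:
    """Checks an authorizer applies once the signature has been verified against the
    pool's JWKS (https://cognito-idp.<region>.amazonaws.com/<pool>/.well-known/jwks.json).
    ID tokens carry the client in 'aud'; access tokens carry it in 'client_id'."""
    now = time.time() if now is None else now
    issues = []
    if claims.get("iss") != f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}":
        issues.append("issuer mismatch")
    if claims.get("exp", 0) <= now:
        issues.append("token expired")
    use = claims.get("token_use")
    if use == "id" and claims.get("aud") != client_id:
        issues.append("id token audience mismatch")
    elif use == "access" and claims.get("client_id") != client_id:
        issues.append("access token client_id mismatch")
    elif use not in ("id", "access"):
        issues.append("unknown token_use")
    return issues


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, UNSIGNED token used only to exercise peek_claims offline."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```

In Postman this is a POST to the same URL with the two headers and the JSON body as raw text. To call an API Gateway route behind a Cognito authorizer, send the returned token in the Authorization header (an HTTP API JWT authorizer expects `Authorization: Bearer <token>` by default and is configured with the issuer URL from check_claims and the app client ID as audience); use the ID token for identity claims and the access token when the route checks OAuth scopes. peek_claims is a debugging aid only: never make an authorization decision on claims whose signature you have not verified.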


Elastic Container Registry (ECR): managed Docker image repository

