HadoopExam.com

Hadoop Learning Resources

  • Increase font size
  • Default font size
  • Decrease font size


Amazon WebService Certification Practice Questions Total 354 Lifetime Access($55/2500INR)

Hadoop Training @ 50% Discounted Price (Just $69/3500INR) : Free Demo

Hadoop Developer Certification 335 Practice Questions(Just $55/2500INR)

Hadoop Admin Certification 307 Practice Questions(Just $55/2500INR)

Hadoop HBase Certification 214 Practice Questions(Just $55/2500INR)

    

Go To Page :   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27   Download Pdf

  

Amazon IAM

 

AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM,  you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.

 

Without IAM, organizations with multiple users and systems must either create multiple AWS accounts, each with its own billing and subscriptions to AWS products,  or employees must all share the security credentials of a single AWS account. Also, without IAM, you have no control over the tasks a particular user or system can do and what AWS resources they might use.

 

IAM addresses this issue by enabling organizations to create multiple users (each user is a person, system, or application) who can use AWS products, each with individual security credentials, all controlled by and billed to a single AWS account. With IAM, each user is allowed to do only what they need to do as part of the user's job.

 

To change a user's name or path, you must use the IAM CLI or API. There is no option in the console to rename a user.

To rename IAM users, use the following commands:

CLI: aws iam update-user

API: UpdateUser

When you change a user's name or path, the following happens:

Any policies attached to the user stay with the user under the new name.

The user stays in the same groups under the new name.

The unique ID for the user remains the same. For more information about unique IDs, see Unique IDs.

Any resource or role policies that refer to the user as the principal (the user is being granted access) are automatically updated to use the new name or path. For example, any queue-based policies in Amazon SQS or resource-based policies in Amazon S3 are automatically updated to use the new name and path.

 

IAM does not automatically update policies that refer to the user as a resource to use the new name or path; you must manually do that. For example, imagine that user Bob has a policy attached to him that lets him manage his security credentials. If an administrator renames Bob to Robert, the administrator also needs to update that policy to change the resource from this:

 

arn:aws:iam::account-number-without-hyphens:user/division_abc/subdivision_xyz/Bob

to this:

arn:aws:iam::account-number-without-hyphens:user/division_abc/subdivision_xyz/Robert

This is true also if an administrator changes the path; the administrator needs to update the policy to reflect the new path for the user.

 

AWS Identity and Access Management is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your IAM users.

 

When IAM creates a user, group, instance profile, or server certificate, it assigns to each entity a unique ID that looks like the following example:

 

AIDAJQABLZS4A3QDU576Q

 

For the most part, you use friendly names and ARNs when you work with IAM entities, so you don't need to know the unique ID for a specific entity.  However, the unique ID can sometimes be useful when it isn't practical to use friendly names.

 

One example pertains to reusing friendly names in your AWS account. Within your account, a friendly name for a user or group must be unique. For example, you might create an IAM user named David. Your company uses Amazon S3 and has a bucket with folders each employee; the bucket has an IAM resource policy (a bucket policy) that lets users access only their own folders in the bucket. Suppose that the employee named David leaves your  company and you delete the corresponding IAM user. But later another employee named David starts and you create a new IAM user named David. If the resource policy on the bucket is set using the IAM user named David, the policy could end up granting the new David access to information in the Amazon S3 bucket that was left by the former David.

 

However, every IAM user has a unique ID, even if you create a new IAM user that reuses a friendly name that you deleted before.  In the example, the old IAM user David and the new IAM user David have different unique IDs. If you create resource policies for Amazon S3 buckets that  grant access by unique ID and not just by user name, it reduces the chance that you could inadvertently grant access to information that an employee should not have.

 

Another example where user IDs can be useful is if you maintain your own database (or other store) of IAM user information. The unique ID can provide a unique identifier for each IAM user you create, even if over time you have IAM users that reuse a name, as in the previous example.

      

Go To Page :   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27   Download Pdf

_______________________________________________________________________________________________________________________

Click to View What Learners Say about us : Testimonials

We have training subscriber from TCS, IBM, INFOSYS, ACCENTURE, APPLE, HEWITT, Oracle , NetApp , Capgemini etc.

 

Contact Us

Phone : 022-42669636
Mobile : +91-8879712614
Hadoop Learning Resource
B-902  Trade Center
 Mumbai 400097

Testimonials

Yeah the material is helpful to test our knowledge. I passed the exam.
Thanks for your help! Read More
--Sudha Udatha, USA

"I wish I had bought your exam prep during my first attempt. More than anything else your tests made me feel confident to crack the CCD-410 exam. It would not have been possible without you. My best wishes to your team"
Read More
-- Sandeep Swami Banglore

Login Form