![]() ![]() Every single operation anyone executes (including third parties) Including who called it, when and where from. Is AWS auditing mechanism and it logs every single API call that takes place in your account, Once you grant access to third parties and we start doing work, it’s important that you know exactly what operationsĪre executed on your AWS account - and that’s why CloudTrail is an incredibly useful tool. Updating the IAM access policy or deleting the IAM role. ![]() Once the work is completed, you can revoke access immediately by ![]() Services are actually an external entity to your account and you have to grant them permissionsīefore a third party does any work on your AWS account, the recommended mechanism to grant them There are manyĪWS services that require you to create an IAM role before they do anything on your AWS account. With IAM roles you have 100% control over which operations can beĮxecuted by an external account and the exact AWS resources that can be accessed. IAM roles are AWS’ standard way of granting cross-account access These are the basic AWS components you should care about: IAM Roles My recommendation is that you follow a similarĬonfiguration when you grant a third party access to your AWS resources. My clients don’t spend hours trying to set it up). So there is full transparency on the operations that I execute as part of my services (and That is why this post shows an automated way that allows you to easily capture, store and visualizeĭata on all the activity that takes place in your AWS account. The only problem is that they do take time to set up. Thankfully, there are mechanisms to give you just that. But even then, it is important that you keep track of the operations There is obviously a degree of trust you must place in anyone before giving them permissions For example, launching EC2 instances or creatingĬloudFormation stacks, monitoring CloudWatch metrics, updating Auto Scaling groups, etc. Or update components in your AWS account. To take a look at your AWS resources and execute API operations that list, describe, create Service providers (like me) eventually need You have to grant them access to your AWS account. When you’re working with third parties - either automated tools or service providers -, sooner or later Last update: September 21st, 2016 - The CloudFormation template now supports Elasticsearch 2.3 ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |