AWS Security & IAM

Security Groups and EC2

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. To decide whether to allow traffic to reach an instance, AWS evaluate all the rules from all the security groups that are associated with the instance.

Security groups are not just limited to EC2, but can be used with other services such as RDS.


Authenticating DynamoDB Using Web Identity Providers

Using AssumeRoleWithWebIdentity API you can authenticate users using web identity providers such as Amazon, Google, Facebook or any other open-id compatible identity provider.


Following steps need to be completed first:

  1. Go to IAM

  2. Click on Create New Role

  3. Select Role for identity provider access

  4. Select grant access to identity providers

Security and Fine Grained Access Control (FGAC) in DynamoDB

  1. Fine Grained Access Control (FGAC) gives a DynamoDB table owner a high degree of control over data in the table.

  2. The table owner can indicate who (caller) can access which items or attributes of the table and perform what actions (read / write capability).

  3. FGAC is used in concert with AWS IAM, which manages the security credentials and the associated permissions.

AWS Certificate Manager Overview

Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates are used to secure network communications and establish the identity of websites over the Internet.

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy SSL/TLS certificates for use with AWS services.

AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates.

S3 Encryption Overview

S3 supports server side and client side Encryption. Two types of Encryption: In transit, At rest.

Encryption details can be specified while uploading file.


Encryption In Transit (SSL/TLS)

You can securely upload/download your data to Amazon S3 via SSL endpoints using the HTTPS protocol. 


Encryption At Rest

Server Side Encryption

Type Of Security Credentials in AWS - Singon, Access and IAM Users

There are different types of security credentials based on how we interact with AWS - Management Console or tools such as CLI or SDKs. 


Signon Credentials: Email and Password

Email and password created during signup are used to login to pages such as the AWS Management Console, AWS discussion forums, or AWS support center.

Learn Serverless from Serverless Programming Cookbook


Please first use the contact form or facebook page messaging to connect.

Offline Contact
We currently connect locally for discussions and sessions at Bangalore, India. Please follow us on our facebook page for details.
WhatsApp (Primary): (+91) 7411174113
Phone (Escalations): (+91) 7411174114

Business newsletter

Complete the form below, and we'll send you an e-mail every now and again with all the latest news.


CloudMaterials is my blog to share notes and learning materials on Cloud and Data Analytics. My current focus is on Microsoft Azure and Amazon Web Services (AWS).

I like to write and I try to document what I learn to share with others. I believe that knowledge is useless unless you share it; the more you share, the more you learn.

Recent comments

Photo Stream