AWS Certificate SAA - Course 2.2 IAM & AWS CLI

Published: 2023-06-29 10:31:58 Author: MY93

AWS Access Keys, CLI and SDK

How can users access AWS?

  • To access AWS, you have three options:
    1. AWS Management Console (password + MFA)
    2. AWS Command Line Interface (CLI): protected by access keys
    3. AWS Software Development Kit (SDK) - for code: protected by access keys
  • Access Keys are generated through the AWS Console
  • Users manage their own access keys
    • Access Key ID ~= username
    • Secret Access Key ~= password

What's the AWS CLI?

  • A tool that enables you to interact with AWS services using commands in your command-line shell
  • Direct access to the public APIs of AWS services
  • You can develop scripts to manage your resources
  • It's open source: https://github.com/aws/aws-cli
  • Alternative to using AWS Management Console

What's the AWS SDK?

  • AWS Software Development Kit (AWS SDK)
  • Language-specific APIs (set of libraries)
  • Enables you to access and manage AWS services programmatically
  • Embedded within your application
  • Supports
    • SDKs (Python, JavaScript, ...)
    • Mobile SDKs (Android, iOS, ...)
    • IoT Device SDKs (Embedded C, Arduino, ... )
  • Example: AWS CLI is built on AWS SDK for Python

AWS CloudShell

IAM Roles for Services

  • Some AWS services will need to perform actions on your behalf
  • To do so, we will assign permissions to AWS services with IAM Roles
  • Common roles:
    • EC2 Instance Roles
    • Lambda Function Roles
    • Roles for CloudFormation

IAM Security Tools

  • IAM Credentials Report (account-level)
    • A report that lists all your account's users and the status of their various credentials
  • IAM Access Advisor (user-level)
    • Access advisor shows the service permissions granted to a user and when those services were last accessed.
    • You can use this information to revise your policies.

IAM Guidelines & Best Practices

  • Don't use the root account except for AWS account setup
  • One physical user = One AWS user
  • Assign users to groups and assign permissions to groups
  • Create a strong password policy and MFA
  • Create and use Roles for giving permissions to AWS services
  • Use Access Keys for Programmatic Access (CLI / SDK)
  • Audit the permissions of your account using the IAM Credentials Report & IAM Access Advisor
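
An added example (not part of the original notes) showing how the IAM Credentials Report can be checked against the guidelines above: MFA for console users, no access keys on the root account, and access keys that are rotated and actually used. The sample rows, the `audit` function name and the 90-day key-age threshold are assumptions made for illustration; the column names follow the credential report's CSV layout.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows (a subset of the report's columns), not real data.
# A real report is produced with `aws iam generate-credential-report` and
# fetched (base64-encoded CSV) with `aws iam get-credential-report`.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2022-01-10T00:00:00+00:00,2023-06-01T12:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,true,true,2023-05-20T00:00:00+00:00,2023-06-28T17:45:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,false,true,2022-03-02T00:00:00+00:00,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,2023-06-01T00:00:00+00:00,2023-06-29T01:00:00+00:00
"""
SAMPLE_NOW = datetime(2023, 6, 29, tzinfo=timezone.utc)  # constructed "today"


def audit(report_csv, now, max_key_age_days=90):
    """Return {user: [findings]} for rows that break the guidelines.

    max_key_age_days=90 is an assumed rotation policy, not an AWS default.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, issues = row["user"], []
        is_root = user == "<root_account>"
        # Root and every user with a console password should have MFA.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            issues.append("no MFA")
        for slot in ("1", "2"):  # each user can hold up to two access keys
            if row.get(f"access_key_{slot}_active") != "true":
                continue
            if is_root:
                issues.append("root has an active access key")
            rotated = datetime.fromisoformat(row[f"access_key_{slot}_last_rotated"])
            age = (now - rotated).days
            if age > max_key_age_days:
                issues.append(f"access key {slot} is {age} days old")
            if row[f"access_key_{slot}_last_used_date"] in ("N/A", "no_information"):
                issues.append(f"access key {slot} never used")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit(SAMPLE_REPORT, SAMPLE_NOW).items():
        print(f"{user}: {'; '.join(issues)}")
```
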