Week 7 - Role and Group Access Management

  When it comes to being able to access cloud environments along with certain features and resources, not just anyone should be able to access these. This is obvious, but what may not be so obvious is that users should have access to specific features. For example, a network admin and a cloud engineer will have as much access as necessary for their respective companies versus a financial analyst for the company. So how do cloud users define what users get access to? Well, this is managed through permissions of different types. In this post, I will go over some of them.

Defining permissions is important to understand why they are important. Permissions are specific actions that an identity (being users, groups, roles, etc..) is allowed to do. Permissions make it possible for services and resources to be seen and utilized. 

Before going into user access, it is important to first elaborate on what a user is. A user is an identity representing a person or application needing to access the cloud resources. This is commonly seen in AWS cloud computing. The user must log in with credentials to access these services and resources. Users are part of an identity in cloud environments

Groups are also important for access management. A group is an identity that represents a collective of users. In groups, an admin can assign permissions to multiple users at a time without having to go to individual users. This feature is essential when dealing with a cloud environment that has a large number of users that need access. 

Policies are a collection of permissions that are assigned to an identity. Identity-based policies can grant permissions to a set of identities. Teller policies are an extension of policies. Teller policies apply to teller users, which gives them all the same permissions as each other. 

Lastly, there are roles. Roles are an identity that provides a way for policies to be assigned to other resources for a specific period. Roles can be used to temporarily assign permissions to a user and often are used to provide higher permission levels to execute changes or approve actions.

Overall, each layer of access management is what makes cloud environments pretty easy to manage and understand. It is crucial to have a proper configuration of all of the management to make sure resources and services are properly secure. 

Comments