IAM is the most important security service in AWS

To protect the resources inside an AWS account you need to control who can do what. The IAM service defines who can access the account, which actions are allowed, and which are not.

But access control is not easy. There are many concepts, such as principals and policies, that seem overwhelming at first.

This book is a comprehensive yet practical guide for access control in AWS.

Want a sneak peek? Sign up for free chapters here:


"IAM is too complicated!"

Then this book is for you.

When I started out with AWS I felt it was an obstacle, making everything a lot harder than necessary. Everything was hidden behind some technical jargon and it wasn't intuitive at all where to configure things. Then its JSON policy structure required a lot of searching for solutions. IAM was in my way whatever I wanted to do.

After a bit of learning, I started to see the underlying logic behind all that obscure terminology that felt so distant at first. The identities and the types and structure of the policies all fit into a bigger picture that defines the security posture of an account.


Access control is the foundation of security

AWS offers several other security services: Security Hub, Config, CloudTrail, GuardDuty, to name a few. They are great for detecting problems and for helping with investigations.

But all of them are a second line of defense. The security of an account depends on the configuration of who can do what: intrusion detection and logging come after access control.


Learn how to use AWS IAM

This book presents, in an easy-to-follow format, all the information you need to understand IAM and use it effectively. You'll learn:

  • How to grant access using users and roles
  • How to write policies to define what is allowed and what is not
  • How the policy evaluation logic works and how IAM determines access

...and more!
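As an added illustration of the evaluation logic the book covers (this is not code from the book or from AWS): a small Python model of the evaluation flow, namely build the request context, collect the applicable policies, and run the evaluation logic, over identity policies, a resource policy, SCPs, a permissions boundary and a session policy. It supports only "*" and "?" wildcards, Principal/NotPrincipal, Action/NotAction, Resource/NotResource, and the StringEquals condition operator with ${...} policy variables; any other operator fails closed, cross-account access is not modelled, each entry in scps is treated as one organization level that must allow the action, and the special case where a resource policy grants a user directly regardless of its permissions boundary is left out. The principal ARN, the policies and the request contexts are constructed sample data.

```python
"""Simplified model of AWS IAM policy evaluation (added example; not AWS's implementation)."""
import re
from fnmatch import fnmatchcase


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _subst(value, ctx):
    # Expand policy variables such as ${aws:PrincipalTag/team} from the request context.
    return re.sub(r"\$\{([^}]+)\}", lambda m: str(ctx.get(m.group(1), "")), value)


def _matches(patterns, value, ctx):
    # Action/Resource matching: '*' and '?' wildcards, case-sensitive, variables expanded first.
    return any(fnmatchcase(value, _subst(p, ctx)) for p in _as_list(patterns))


def _principal_matches(spec, ctx):
    # Only "*" and {"AWS": ...} principals are modelled; Service/Federated are out of scope here.
    if spec == "*":
        return True
    if isinstance(spec, dict) and "AWS" in spec:
        allowed = _as_list(spec["AWS"])
        return "*" in allowed or ctx["principal"] in allowed
    return False


def _condition_ok(cond, ctx):
    # Only StringEquals is modelled; any other operator fails closed (the safe default).
    for op, pairs in cond.items():
        if op != "StringEquals":
            return False
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None or actual not in [_subst(e, ctx) for e in _as_list(expected)]:
                return False
    return True


def evaluate_policy(doc, ctx):
    """Return 'Deny', 'Allow' or None (no matching statement) for one policy document."""
    result = None
    for st in _as_list(doc["Statement"]):
        if "Principal" in st and not _principal_matches(st["Principal"], ctx):
            continue
        if "NotPrincipal" in st and _principal_matches(st["NotPrincipal"], ctx):
            continue
        if "Action" in st and not _matches(st["Action"], ctx["action"], ctx):
            continue
        if "NotAction" in st and _matches(st["NotAction"], ctx["action"], ctx):
            continue
        if "Resource" in st and not _matches(st["Resource"], ctx["resource"], ctx):
            continue
        if "NotResource" in st and _matches(st["NotResource"], ctx["resource"], ctx):
            continue
        if not _condition_ok(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # an explicit Deny ends evaluation of this document
        result = "Allow"
    return result


def is_allowed(ctx, identity_policies, resource_policy=None, scps=(), boundary=None, session_policy=None):
    """Same-account evaluation flow, simplified. True if the request in ctx is allowed."""
    # Steps 1-2: ctx is the request context; collect every applicable policy document.
    gates = [list(scps), [boundary] if boundary else [], [session_policy] if session_policy else []]
    everything = list(identity_policies) + ([resource_policy] if resource_policy else [])
    everything += [d for layer in gates for d in layer]
    # Step 3a: an explicit Deny in any applicable policy always wins.
    if any(evaluate_policy(d, ctx) == "Deny" for d in everything):
        return False
    # Step 3b: every guardrail layer that is present (SCP levels, boundary, session) must Allow.
    for layer in gates:
        if layer and not all(evaluate_policy(d, ctx) == "Allow" for d in layer):
            return False
    # Step 3c: a same-account resource policy or any identity policy must Allow; else implicit deny.
    if resource_policy and evaluate_policy(resource_policy, ctx) == "Allow":
        return True
    return any(evaluate_policy(d, ctx) == "Allow" for d in identity_policies)


# Constructed sample data: a fictitious account, user and policies.
CTX_BASE = {"principal": "arn:aws:iam::123456789012:user/alice", "aws:PrincipalTag/team": "blue"}
IDENTITY_ALLOW = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::reports/*"}]}
RESOURCE_DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::reports/secret/*"}]}
TAG_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:StartInstances", "Resource": "*",
     "Condition": {"StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}}}]}
SCP_EC2_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}


def demo():
    public = dict(CTX_BASE, action="s3:GetObject", resource="arn:aws:s3:::reports/2024/q1.pdf")
    secret = dict(CTX_BASE, action="s3:GetObject", resource="arn:aws:s3:::reports/secret/salaries.pdf")
    own_vm = dict(CTX_BASE, action="ec2:StartInstances",
                  resource="arn:aws:ec2:eu-west-1:123456789012:instance/i-0abc", **{"aws:ResourceTag/team": "blue"})
    other_vm = dict(own_vm, **{"aws:ResourceTag/team": "red"})
    return {
        "identity_allow": is_allowed(public, [IDENTITY_ALLOW]),                       # True
        "resource_deny_wins": is_allowed(secret, [IDENTITY_ALLOW], RESOURCE_DENY),   # False
        "tag_match": is_allowed(own_vm, [TAG_POLICY]),                               # True
        "tag_mismatch": is_allowed(other_vm, [TAG_POLICY]),                          # False
        "scp_blocks": is_allowed(public, [IDENTITY_ALLOW], scps=[SCP_EC2_ONLY]),     # False
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'Allow' if allowed else 'Deny'}")
```

The order of the checks is the point: the explicit Deny in the resource policy beats the identity Allow, the SCP that never mentions S3 blocks a request the identity policy would allow, and the tag condition turns one policy into a per-team rule without listing any instance ARN.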


Table of contents

Access control basics
 Where IAM controls access
 Access elements
  Principal
   IAM Users
   IAM Roles
   Special Principals
  Resource
  Action
  Metadata
 CloudTrail logging

IAM Policies
 Structure
  Filters
   Principal/NotPrincipal
   Resource/NotResource
   Action/NotAction
   Condition
    Strings
    IfExists
    Variables
    Multiple values
   Other types
 Policy types
  Identity-based policies
   Inline and managed policies
  Resource-based policies
  Service Control Policy (SCP)
  Session policy
  Permissions boundary
 Visual editor

Evaluation flow
 Step 1: Build the request context
 Step 2: Collect all applicable policies
 Step 3: Run the evaluation logic

Evaluation examples
 Identity policies to allow access
 Resource policy to deny access
  Resource policy to allow access
 Using conditions
  Tag-based access control
 Restricted resources

How to secure an AWS account
 Security as an AWS administrator
  Do not reuse credentials
  Minimize the number of policies
  Use separate accounts via Organizations
  Implement least privilege
  Minimize transitive permissions
  Use monitoring and logging
 Security as a developer
  Follow an additive permission strategy
  Use roles instead of users where possible
  Maintain an identical test environment
  Automate security checks

Conclusion
Glossary


About the author
Tamás Sallai

I'm a software developer focusing mostly on cloud computing and web technologies. I'm especially interested in how to handle edge cases to end up with dependable software.

One of my main focuses is security and how each part affects the whole system. I'm an AWS-certified security specialist.


Get the book

The book is available from these stores: