IAM Role (Permissions)

To attach an IAM role to an application instance that has to talk to a database such as DynamoDB:

  • Create an IAM role that has the required permissions to read from and write to the DynamoDB table.
  • Reference the IAM role in the instance profile property of the application instance.
  • A role is assumed through its trust relationship (trust policy); trust relationships exist only on roles.
  • AWS STS is not accessible through the console. It is accessible programmatically via the API.
  • Roles can have policies attached to them, and roles can be applied to servers, users and groups.
    e.g. an EC2 server accessing an S3 bucket can have a role that grants access to that S3 bucket.
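The two policy documents behind the steps above, as an added example that is not part of the original notes: the trust policy that lets the EC2 service assume the role, and the permissions policy scoped to a single DynamoDB table, plus a small least-privilege check that flags a trust policy open to any principal or a permissions policy that uses wildcard actions or resources. The account ID, region and table name are constructed placeholders; `build_role_definition` only assembles the documents that would be handed to `aws iam create-role`, `aws iam put-role-policy`, `aws iam create-instance-profile` and `aws iam add-role-to-instance-profile`, it does not call AWS.

```python
import json

# Constructed placeholder values (not from the original notes).
ACCOUNT_ID = "123456789012"
TABLE_ARN = f"arn:aws:dynamodb:us-east-1:{ACCOUNT_ID}:table/AppTable"

# Trust policy: only the EC2 service may assume this role (the "trust relationship").
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Permissions policy: read/write on one table only, no wildcards.
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DynamoTableReadWrite",
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:PutItem",
                   "dynamodb:UpdateItem", "dynamodb:Query"],
        "Resource": TABLE_ARN,
    }],
}

# Constructed counter-examples of what the checks below should reject.
OVERBROAD_PERMISSIONS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}],
}
OVERBROAD_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                   "Action": "sts:AssumeRole"}],
}


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource/Principal fields."""
    return value if isinstance(value, list) else [value]


def trust_policy_issues(policy):
    """Flag trust statements that let anyone assume the role or grant non-STS actions."""
    issues = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            issues.append("trust policy allows any principal to assume the role")
        for action in _as_list(st.get("Action", [])):
            if not action.startswith("sts:"):
                issues.append(f"unexpected action in trust policy: {action}")
    return issues


def permissions_policy_issues(policy):
    """Flag Allow statements with wildcard actions or a wildcard resource."""
    issues = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                issues.append(f"wildcard action: {action}")
        for resource in _as_list(st.get("Resource", [])):
            if resource == "*":
                issues.append("statement applies to all resources")
    return issues


def build_role_definition(role_name, trust, permissions):
    """Assemble the documents the create-role / put-role-policy / instance-profile steps need."""
    if trust_policy_issues(trust) or permissions_policy_issues(permissions):
        raise ValueError("refusing to build a role from an over-broad policy")
    return {
        "RoleName": role_name,
        "AssumeRolePolicyDocument": json.dumps(trust),
        "InlinePolicy": {
            "PolicyName": f"{role_name}-dynamodb",
            "PolicyDocument": json.dumps(permissions),
        },
        # The instance profile is what the EC2 instance's IamInstanceProfile property references.
        "InstanceProfileName": f"{role_name}-profile",
    }


if __name__ == "__main__":
    print(json.dumps(build_role_definition("AppRole", TRUST_POLICY, PERMISSIONS_POLICY), indent=2))
    print("overbroad trust:", trust_policy_issues(OVERBROAD_TRUST))
    print("overbroad permissions:", permissions_policy_issues(OVERBROAD_PERMISSIONS))
```

The checks are deliberately narrow (wildcard principal, wildcard action, wildcard resource); a real review would also look at conditions, `NotAction`/`NotResource` and any managed policies attached alongside the inline one.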

AWS Directory Services:

  1. Amazon Cloud Directory: organizes application data into hierarchies.
  2. AD Connector: connects to an on-premises Active Directory.
  3. Amazon Cognito: a user directory that allows sign-in using social media identities.
  4. Simple AD: runs an AD-compatible directory based on Samba 4; commonly integrated with WorkDocs.
  5. Microsoft AD running on EC2 instances in the AWS Cloud.