IAM Role (Permissions)
To attach an IAM role to an application instance that has to talk to a database such as DynamoDB:
- Create an IAM Role that has the required permissions to read from and write to the DynamoDB table.
- Reference the IAM Role in the instance profile property of the application instance.
- A role is assumed according to its Trust Relationship (trust policy); trust relationships exist only on roles.
- AWS STS is not accessible through the console; it is accessible programmatically via the API.
- Roles can have policies attached to them, and roles can be applied to servers, users and groups.
  e.g. an EC2 server that needs to access an S3 bucket can be given a role that grants access to that S3 bucket.
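The role set-up described above, as an added example (not code from the original notes): it builds the EC2 trust relationship, a permissions policy scoped to one DynamoDB table, a small check that rejects wildcard actions or resources, and the boto3 IAM calls that create the role and instance profile. The table ARN and role name are constructed placeholders; `iam` is assumed to be a boto3 IAM client (or any stand-in with the same method names).

```python
import json

# Constructed placeholder table ARN; not from any real account.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"

def ec2_trust_policy() -> dict:
    # Trust relationship: only the EC2 service may assume this role.
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Service": "ec2.amazonaws.com"},
                       "Action": "sts:AssumeRole"}],
    }

def dynamodb_table_policy(table_arn: str) -> dict:
    # Read/write on one table only, instead of dynamodb:* on "*".
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": ["dynamodb:GetItem", "dynamodb:PutItem",
                                  "dynamodb:UpdateItem", "dynamodb:DeleteItem",
                                  "dynamodb:Query"],
                       "Resource": table_arn}],
    }

def policy_findings(policy: dict) -> list:
    """Return the over-broad statements a reviewer would reject."""
    findings = []
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if any(a in ("*", "dynamodb:*") for a in actions):
            findings.append("wildcard action")
        if "*" in resources:
            findings.append("wildcard resource")
    return findings

def create_instance_role(iam, role_name: str, table_arn: str) -> str:
    """Create the role and instance profile with a boto3 IAM client (or a stand-in)."""
    perms = dynamodb_table_policy(table_arn)
    if policy_findings(perms):
        raise ValueError(f"refusing over-broad policy: {policy_findings(perms)}")
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(ec2_trust_policy()))
    iam.put_role_policy(RoleName=role_name, PolicyName="DynamoDBTableRW",
                        PolicyDocument=json.dumps(perms))
    profile = f"{role_name}-profile"
    iam.create_instance_profile(InstanceProfileName=profile)
    iam.add_role_to_instance_profile(InstanceProfileName=profile, RoleName=role_name)
    return profile  # pass as the instance's IamInstanceProfile at launch
```

The returned profile name is what goes into the instance profile property when the EC2 instance is launched; the instance then obtains temporary STS credentials for the role without any long-lived keys on the box.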
AWS Directory Services:
- Amazon Cloud Directory : Organize app data into hierarchies.
- AD Connector: Connects to on-premises AD.
- Amazon Cognito: User directory that allows users to sign in with social identity providers.
- Simple AD: Runs an AD-compatible directory, based on Samba 4; commonly integrates with WorkDocs.
- Microsoft AD running on EC2 instances in the AWS Cloud.