Topic 2: Security and Identity Management

This section focuses on identity and access management (IAM) to control permissions and protect cloud resources, as well as securing cloud instances using security groups and firewall rules.

Test your Knowledge

After studying, test your knowledge with these AI prompts:

  1. What is the difference between IAM Users, Groups, and Roles?
  2. How does RBAC differ from ABAC in cloud identity management?
  3. How do IAM policies control access to cloud resources?
  4. What steps can be taken to enforce the Least Privilege Principle in IAM?
  5. What is the difference between an inbound rule and an outbound rule?
  6. What is the difference between security groups and traditional firewalls?
  7. How do security groups differ from network ACLs in cloud networking?
  8. What is the significance of stateful vs. stateless rules in cloud security?

Hands-on Task

  • Create IAM users and groups with specific permissions in a cloud platform.
  • Implement IAM roles for secure access management.
  • Define and apply IAM policies to restrict access to sensitive resources.
  • Create a security group for a VM instance.
  • Define inbound rules to allow specific traffic (e.g., HTTP, SSH, RDP).
  • Define outbound rules to control external communication.
  • Apply security group rules to a VM and verify access restrictions.
  • Test traffic flow by attempting to connect from an allowed and a restricted IP address.