Historic Notes

  • These notes were originally written in 2018

IAM Users

  • If you check the IAM users section in AWS, you’ll see user accounts.
    • Click through and you’ll see access policies.
    • Click Show Policy and you’ll see what a policy looks like.
      • I’ve never created one of these policies from scratch, but there’s plenty of documentation online.
    • This allows users to access the relevant S3 bucket

Security Groups – EC2

  • Start in EC2
  • You can set up a server to only accept connections from some networks
    • Might mean you can’t access it from home
    • You could use a VPC to work from home – use private IPs, not public – so others can’t access the server
    • To add an office: Add IP address of the network to security groups – then everyone there can access your server
  • If you want to add security for any EC2 instance, e.g. outbound or inbound
    • Select the instance
    • Scroll to the far right to see security group
    • Click on the link
    • !! Note that if you start from Security Groups (listed on the left in EC2), it doesn’t display them all at once, so you might need to click (top right) for the next page of results
  • Click Edit
  • You need to enable
  • !! Some of the IPs you see configured might belong to third parties such as an ISP
    • Don’t remove access without checking first !!
  • If adding access from home, to find your external IP address you can use this site: https://www.whatismyip.com/
  • If you want to connect to any machine, you can just click the Connect button in EC2 (at the top of the list of instances, when you’ve selected an instance) – same as for CodeCommit
  • But this will only work if SSH is enabled in the inbound rules of the instance's security group
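
Added example (not part of the original notes): a Python sketch for reviewing which source ranges a security group's inbound rules allow on SSH before editing them, and for checking whether a given home or office IP is already covered. The input is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the group IDs, descriptions and addresses are made up, and only IPv4 ranges are handled.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs, descriptions and addresses (documentation ranges) are made up.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0example0000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [
            {"CidrIp": "203.0.113.0/24", "Description": "office"},
            {"CidrIp": "198.51.100.7/32"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example0000002", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}


def covers_port(perm, port):
    """True if the rule's protocol and port range include this TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" = all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def ssh_sources(data, port=22):
    """Rows of (group id, CIDR, description, open_to_world) allowing the port."""
    rows = []
    for sg in data["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"])
                desc = rng.get("Description", "(no description, check owner)")
                rows.append((sg["GroupId"], rng["CidrIp"], desc, net.prefixlen == 0))
    return rows


def can_connect(data, group_id, source_ip, port=22):
    """True if source_ip matches an inbound rule for the port in group_id."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(cidr)
               for gid, cidr, _, _ in ssh_sources(data, port) if gid == group_id)


if __name__ == "__main__":
    for row in ssh_sources(SAMPLE):
        print(row)
```

Rows without a description are the ones to check with their owner before removing, and a row flagged as open to the world means SSH is reachable from any address.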