Implementing Attribute-Based Access Control (ABAC) Using Tags

In this Cloud Lab, you’ll get hands-on experience implementing the attribute-based access control (ABAC) authorization model in AWS, which allows access policies to be defined based on attributes of principals and resources.

9 Tasks

advanced

1hr 30m

Certificate of Completion

Desktop Only
No Setup Required
Amazon Web Services

Learning Objectives

A thorough understanding of the ABAC model
Hands-on experience restricting resource access with ABAC policy
Hands-on experience restricting assumption of roles with ABAC policy
Working knowledge of defining access of Lambda functions with ABAC policy

Technologies

Lambda
IAM

Cloud Lab Overview

Attribute-based access control (ABAC) is an authorization model that allows users to define access policies based on attributes associated with IAM principals and AWS resources. The ABAC model allows users to use attributes like tags to make access control decisions.

In this Cloud Lab, you’ll create an IAM group and attach an attribute-based access policy that allows the users in the group to assume only the roles with the same attributes as the user. You’ll then add users in the IAM group with different attributes. You’ll also create two roles with different attributes and attach an attribute-based access policy for accessing Lambda functions with similar attributes. Afterward, you’ll try to assume each role with both users.

You’ll also create two Lambda functions with different attributes. To conclude the Cloud Lab, you’ll access both the Lambda functions with both users.
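
The role-assumption rule described above, sketched as an added example that is not taken from the lab itself: a constructed group policy using the `aws:ResourceTag` and `aws:PrincipalTag` condition keys, with a simplified evaluator (not AWS's policy engine) run over two constructed users and two constructed roles. The tag key `team`, its values, and all user and role names are assumptions.

```python
import re

TAG_KEY = "team"  # assumed tag key; the lab page does not name one

# Identity policy for the IAM group (constructed): sts:AssumeRole is allowed
# only on roles whose tag value equals the calling user's own tag value.
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:ResourceTag/" + TAG_KEY: "${aws:PrincipalTag/" + TAG_KEY + "}",
        }},
    }],
}

_VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")

def condition_holds(condition, principal_tags, resource_tags):
    """Simplified StringEquals check with ${aws:PrincipalTag/...} substitution."""
    for key, expected in condition.get("StringEquals", {}).items():
        # An unresolvable policy variable (untagged principal) never matches.
        if any(t not in principal_tags for t in _VAR.findall(expected)):
            return False
        expected = _VAR.sub(lambda m: principal_tags[m.group(1)], expected)
        actual = resource_tags.get(key.split("/", 1)[1])
        # A missing resource tag fails the match; values compare case-sensitively.
        if actual is None or actual != expected:
            return False
    return True

def can_assume(principal_tags, role_tags, policy=GROUP_POLICY):
    """True if an Allow statement for sts:AssumeRole matches (no Deny modelled)."""
    return any(
        s["Effect"] == "Allow" and s["Action"] == "sts:AssumeRole"
        and condition_holds(s.get("Condition", {}), principal_tags, role_tags)
        for s in policy["Statement"]
    )

# Constructed principals and roles mirroring the lab's two users and two roles.
USERS = {"user-blue": {"team": "blue"}, "user-green": {"team": "green"}}
ROLES = {"role-blue": {"team": "blue"}, "role-green": {"team": "green"}}

def assume_matrix():
    """Decision for every (user, role) pair."""
    return {(u, r): can_assume(ut, rt)
            for u, ut in USERS.items() for r, rt in ROLES.items()}
```

In AWS, each role's trust policy must also allow the caller; this model covers only the identity-policy side.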

The following is the high-level architecture diagram of the infrastructure that you’ll create in this Cloud Lab:

The architecture diagram

Cloud Lab Tasks

1. Introduction
   Getting Started
2. ABAC Model for Role Assumption
   Create an IAM Group
   Add IAM Users in the Group
   Create Roles
   Role Assumption with IAM Users
3. ABAC Model for Accessing Resources by Assuming Roles
   Create Lambda Functions
   Put It All Together
4. Conclusion
   Clean Up
   Wrap Up

Labs Rules Apply

Stay within resource usage requirements.
Do not engage in cryptocurrency mining.
Do not engage in or encourage activity that is illegal.
