Effective Amazon Machine Learning
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Creating login credentials

Last but not least if we want to use the AML@Packt user to log in to the AWS console, we must create login credentials for that user. As shown in the next screenshot, the Security Credentials tab is where you manage the user access keys, sign in credentials, and SSH keys:

SSH keys are not the same as access keys. SSH keys will let you SSH into certain assets, such as EC2 servers. Many services machine learning included have no use for SSH keys. Access keys, on the other hand, are used to programmatically manage AWS services. Access keys are necessary for setting the credentials needed to use the command line interface (AWS CLI).

Click on Manage Password and set a password for the user. This is what the permission for user AML@Packt looks like:

At this point, our IAM dashboard looks like this:

This previous screenshot shows the following:

  • We have deleted the root access keys. We can no longer programmatically access all AWS services in an unlimited fashion via the command line or APIs. We can still log in as root to the AWS console to create and manage access for people, but these will depend on the policies and access level we provide them with.
  • We have activated Multi Factor Authentication (MFA), a simple and very efficient way to secure access to AWS Services from your root access credentials.
  • We have created the AML@Packt user, which we will use to log in to AWS and when using the APIs or the command line.

We have not created groups or password policies that would further constrain the root access as we intend to only access Amazon ML through the AML@Packt user.

Here is a summary of the different ways you can access and use AWS services:

  • Log in on the AWS Console with your root password and login using Multi Factor Authentication (MFA).
  • Log in with the AML@Packt user with that user's login and password using MFA. The AML@Packt user can only use S3 and Amazon ML services. This is quite restrictive, but just the right amount of access for that user, nothing more.
  • Programmatically access S3 and Amazon ML via the S3 and Amazon ML access keys using the command line interface or AWS SDKs.

We had started with one user, the root user able to access everything AWS can offer programmatically and via the console. The new setup is much more secure and worth the time it took to set it up. Our newly gained understanding of IAM roles and policies will also be helpful later on when we start using different AWS services in tandem as the services will need to have appropriate access to one another. 

Before we pe into the presentation of a standard Amazon ML workflow, we need a brief word on regions. 

上一章目录下一章