
Understand User Authentication and Authorization

Learning Objectives

After completing this unit, you will be able to:

  • Create a new AWS account.
  • Explain the differences between authentication and authorization.

If you want to get familiar with AWS and learn how to build your cat photo application, you can create an account and try things out for free.

Create an AWS Account

This is the AWS account creation page, where you can create an account to access AWS resources.

To create your cat photo application on AWS, you need to be able to access AWS resources. To access these resources, you need to create an AWS account. If you have not signed up for an account, use the following steps to create one.

  1. Open the AWS Account Creation page.
  2. Enter your account information and then click Continue. Be sure that you enter your account information correctly, especially your email address. If you enter your email address incorrectly, you can't access your account.
  3. Choose Personal or Professional. Personal accounts and professional accounts have the same features and functions.
  4. Enter your company or personal information.
  5. Read and accept the AWS Customer Agreement (https://aws.amazon.com/agreement). Be sure that you understand the terms of the agreement.
  6. Click Create Account and Continue.

When signing up for an AWS account, you can use the AWS Free Tier to explore AWS services. Try out AWS services free of charge up to specified limits for each service. Some AWS services have a 12-month Free Tier, which allows you to use the product for free up to specified limits for one year from the date the account was created.

What’s the Big Deal About Auth?

When you’re configuring access to any account, two terms come up frequently: authentication and authorization. Though these terms may seem basic, you need to understand them to properly configure access management on AWS. It’s important to keep this in mind as you progress on this trail. Let’s define both terms.

Understand Authentication

When you create your AWS account, you use a combination of an email address and a password to verify your identity. If the user types in the correct email and password, the system assumes the user is allowed to enter and grants them access. This is the process of authentication.

Authentication ensures that the user is who they say they are. Usernames and passwords are the most common types of authentication, but you may also work with other forms, such as token-based authentication or biometric data like a fingerprint. Authentication simply answers the question, “Are you who you say you are?”

Computer that shows login screen, asking you to prove who you are

Understand Authorization

Once you’re inside your AWS account, you might be curious about what actions you can take. This is where authorization comes in. Authorization is the process of giving users permission to access AWS resources and services. Authorization determines whether the user can perform an action—whether it be to read, edit, delete, or create resources. Authorization answers the question, “What actions can you perform?”

Computer that shows what actions can and can’t be performed, as an example of authorization 

Use Authentication and Authorization Together

Authentication and authorization are meant to be used together. And authorization always follows authentication. You must prove who you are before you can perform an action.

Suppose you have a cat café, where customers can come in and pet cats while they drink coffee. In the back of your cat café is an area where the cats sleep, eat, and drink water. This area, called the cat rec room, is protected by a locked door that only employees of the café can access to feed and take care of the cats.

The locked door is how you authenticate your employees, because the lock on this door gives access to employees with the correct key.

There also happens to be a special safe behind this locked door that only you, the cat café owner, can access. This safe is where you store your beloved cat photos that you’ll use for your cat photo application on AWS. Though your employees have a key to access the cat feeding room, they are not allowed to access your safe. This is an example of authorization. Even though your employees have to prove their identity to enter the cat rec room (authentication), you have restricted access so that your employees can only access certain areas (authorization).
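
The cat café rules above, written as a small Python sketch. This is an added example, not part of the original unit and not how AWS implements access control; the user names, passphrases, resource names, and function names are all made up for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so the stored credential is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, allowed: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "allowed": allowed}

# Constructed sample identities (names, passphrases and permissions are assumptions).
USERS = {
    "owner": make_user("owner-passphrase", {("rec_room", "enter"), ("safe", "open")}),
    "employee": make_user("employee-passphrase", {("rec_room", "enter")}),
}

def authenticate(username: str, password: str):
    """Authentication: are you who you say you are? Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(principal: str, resource: str, action: str) -> bool:
    """Authorization: what may this identity do? Anything not listed is denied."""
    return (resource, action) in USERS[principal]["allowed"]

def request(username: str, password: str, resource: str, action: str) -> str:
    principal = authenticate(username, password)
    if principal is None:
        return "denied: not authenticated"  # identity not proven, stop here
    if not authorize(principal, resource, action):
        return "denied: not authorized"     # identity proven, action not permitted
    return "allowed"

if __name__ == "__main__":
    print(request("employee", "employee-passphrase", "rec_room", "enter"))
    print(request("employee", "employee-passphrase", "safe", "open"))
    print(request("employee", "wrong-guess", "rec_room", "enter"))
    print(request("owner", "owner-passphrase", "safe", "open"))
```

The two denial messages are kept distinct on purpose: the first means the caller never proved an identity, the second means a proven identity asked for something it was never granted.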

Wrap Up

Just as the cat café implemented authentication and authorization, AWS systems implement these concepts in a similar way. Now that your AWS account is officially set up, you’ll learn how crucial these concepts become in the next few units.
