forked from peorth80/aws-solutions-architect-associate-notes
identify-access-management.txt
Identity and Access Management (IAM) - Allows you to manage users and their level of access to the AWS Console.
- Centralized control of AWS account
- Shared access to AWS account
- Granular permissions
- Identity Federation (Active Directory, Facebook, LinkedIn, etc.)
- Multifactor Authentication
- Provide temporary access for users/devices/services
- Allows you to set up a password rotation policy
- Integrates with many services
- Supports PCI DSS Compliance
Critical Terms
Users - End users
Groups - Collection of users under one set of permissions (Admins, HR, etc.)
Roles - Create roles and assign them to AWS resources (e.g. giving an EC2 instance a role that allows it to write to EC2)
Policies - Document that defines one or more permissions. Apply policies to users, groups, and roles
IAM is a global service; it does not use the concept of regions.
You can create cross-account roles (e.g. if you hire a company to perform an audit, the access you provide to the auditor can be a cross-account role).
Never use your root account for daily work. ALWAYS create new users.
Remember: The "Add user" confirmation window (where the access key ID and secret access key are shown) is displayed only ONCE. If you lose them, you will have to regenerate the keys.
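The following is an added worked example, not part of the original notes and not AWS code. It models, offline, how the pieces above fit together: policy documents attached to users and groups, default deny with an explicit Deny overriding any Allow, and a cross-account role whose trust policy lets an auditor's account assume it only when MFA is present. All account IDs, ARNs, user names and group names are constructed for illustration, and the wildcard matching and trust-policy handling are a deliberately simplified approximation of the real IAM evaluation logic.

```python
"""Minimal offline model of IAM policy evaluation (illustrative, not AWS code)."""
import fnmatch
import json

# Constructed sample policy documents (hypothetical resources and accounts).
ADMIN_GROUP_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}""")

HR_GROUP_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Action": ["s3:GetObject", "s3:ListBucket"],
                 "Resource": ["arn:aws:s3:::hr-docs", "arn:aws:s3:::hr-docs/*"]}]
}""")

# Explicit Deny attached directly to one user; it wins over the group's Allow.
NO_DELETE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}]
}""")

# Trust policy of a cross-account role: a whole external (auditor) account may
# assume it, but only with MFA present.
AUDITOR_ROLE_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
                 "Action": "sts:AssumeRole",
                 "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]
}""")

# Constructed directory: groups hold policies, users belong to groups and may
# also carry policies of their own.
GROUP_POLICIES = {"Admins": [ADMIN_GROUP_POLICY], "HR": [HR_GROUP_POLICY]}
USER_GROUPS = {"alice": ["Admins"], "bob": ["HR"]}
USER_POLICIES = {"alice": [NO_DELETE_POLICY], "bob": []}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM Action/Resource fields use '*' and '?' wildcards; fnmatch approximates
    # that ('*' also crosses '/' here, as it does in IAM).
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _statement_applies(stmt, action, resource):
    return (_matches(stmt.get("Action", []), action)
            and _matches(stmt.get("Resource", []), resource))


def effective_policies(user):
    """Every policy that applies to the user: its own plus those of its groups."""
    docs = list(USER_POLICIES.get(user, []))
    for group in USER_GROUPS.get(user, []):
        docs.extend(GROUP_POLICIES.get(group, []))
    return docs


def is_allowed(user, action, resource):
    """Default deny; an explicit Deny beats any Allow; otherwise any Allow suffices."""
    allowed = False
    for doc in effective_policies(user):
        for stmt in doc["Statement"]:
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def _principal_matches(trusted, principal_arn):
    for t in _as_list(trusted):
        if t == principal_arn:
            return True
        # Trusting an account's root principal delegates to that whole account;
        # the account ID is the fifth colon-separated field of an ARN.
        if t.endswith(":root") and t.split(":")[4] == principal_arn.split(":")[4]:
            return True
    return False


def can_assume(trust_policy, principal_arn, mfa_present):
    """Can this principal assume the role? (Simplified: only Bool MFA conditions.)"""
    for stmt in trust_policy["Statement"]:
        if stmt["Effect"] != "Allow" or not _matches(stmt["Action"], "sts:AssumeRole"):
            continue
        if not _principal_matches(stmt["Principal"].get("AWS", []), principal_arn):
            continue
        cond = stmt.get("Condition", {}).get("Bool", {})
        if cond.get("aws:MultiFactorAuthPresent") == "true" and not mfa_present:
            continue
        return True
    return False


if __name__ == "__main__":
    print(is_allowed("alice", "s3:DeleteObject", "arn:aws:s3:::hr-docs/x"))  # False
    print(is_allowed("bob", "s3:GetObject", "arn:aws:s3:::hr-docs/report.pdf"))  # True
    print(can_assume(AUDITOR_ROLE_TRUST, "arn:aws:iam::222222222222:user/auditor", False))  # False
```

The point worth noticing is that alice is an administrator via her group yet still cannot delete objects, because the Deny attached to her user is evaluated over the union of all her policies, and that the auditor's cross-account access fails closed when the MFA condition is not met.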