What does IAM give you?
- Centralised control of your AWS account.
- Shared access to your AWS account.
- Granular Permissions.
- Identity Federation (Including Active Directory, Facebook, LinkedIn etc)
- Multi Factor Authentication
- Provide Temporary access for users/devices and services where necessary.
- Allows you to set up your own password rotation policy
- Integrates with many different AWS Services
- Support PCI DSS compliance
Critical Terms:
- Users: End Users (think people)
- Groups: A collection of users under one set of permissions.
- Roles: You create roles and can then assign them to AWS resources.
- Policies: A document that defines one or more permissions. Attach policy to users or groups or roles. JSON format.
Learnings:
- IAM consists of the following:
- Users
- Groups ( A way to group our users and apply policies to them collectively)
- Roles
- Policy Documents
- IAM is universal. It does not apply to regions at this time.
- The “Root Account” is simply the account created when first setup your AWS account. It has complete Admin access.
- New Users have NO permissions when first created.
- New Users are assigned Access Key ID and Secret Access Keys when first created.
- These are not the same as a password, and you cannot use the Access key ID and Secret Access Key to login in to the console. You can use this to access AWS via the APIs and COmmand Line however.
- You only get to view these once. If you lose them, you have to regenerate them. So save them in a secure location.
- Always set up multi factor authentication on your Root Account.
- You can create and customize your own password rotation policies.
0 comments:
Post a Comment