Module 3
Resource
User, group, role, policy and identity-provider objects stored in IAM
Entity
IAM resource objects that AWS uses for authentication (users and roles)
Identity
IAM resource objects that can be authorized in policies to perform actions and access resources (user, group, or role)
Principal
A person or application that can sign in and make requests to AWS
An access key (an access key ID plus its secret access key) is needed for the AWS CLI and for programmatic calls to AWS.
Follow the principle of least privilege.
Enable multi-factor authentication (MFA).
Require human users to access AWS by using temporary credentials.
Rotate access keys for use cases that require long-term credentials.
Use strong, complex passwords.
Secure local credentials.
Use AWS Organizations.
Enable AWS CloudTrail.
Protect the root user (please, protect the root user :-)).
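As an added example (not part of the original course notes), the following Python script turns three of the practices above into a check that runs over an IAM credential report: root must hold no access keys and must have MFA, console users must have MFA, and active long-term access keys must have been rotated within the last 90 days. The CSV header follows the column layout of the report returned by iam:GetCredentialReport; the rows themselves, the account ID, the user names and the dates are constructed, and the reference time is fixed so the result is reproducible offline.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of an IAM credential report
# (the CSV that iam:GetCredentialReport returns). A real report has more
# columns; only the ones the checks below use are included here, and the
# account ID, user names and dates are made up.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,false,true,2023-01-10T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,true,2024-05-01T00:00:00+00:00,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,false,true,2023-11-20T00:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,false,false,N/A,false,N/A
"""

# Fixed reference time so the results are reproducible offline.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
MAX_KEY_AGE_DAYS = 90  # rotation threshold; use whatever your policy requires


def key_age_days(last_rotated, now=NOW):
    """Age of an access key in whole days, or None when the report has no date."""
    if last_rotated in ("N/A", "no_information", ""):
        return None
    return (now - datetime.fromisoformat(last_rotated)).days


def audit_credential_report(report_csv, now=NOW, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, finding) pairs for rows that violate the practices above."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_key = row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true"
        has_mfa = row["mfa_active"] == "true"

        if user == "<root_account>":
            # Root should never hold access keys and must always have MFA.
            if has_key:
                findings.append((user, "root has active access key"))
            if not has_mfa:
                findings.append((user, "root has no MFA"))
            continue

        # A console (password) user is a human and needs MFA.
        if row["password_enabled"] == "true" and not has_mfa:
            findings.append((user, "console user without MFA"))

        # Long-term keys that are still active must be rotated on schedule.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            age = key_age_days(row[f"access_key_{n}_last_rotated"], now)
            if age is not None and age > max_key_age_days:
                findings.append((user, f"access key {n} is {age} days old"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Against a live account you would feed the body of the report from iam:GetCredentialReport into audit_credential_report instead of SAMPLE_REPORT; the check deliberately treats a user without a console password (here ci-deploy) as a machine identity, so it is flagged only for key age, not for missing MFA.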
Characteristics of an IAM role
Provides temporary security credentials
Isn't uniquely associated with one person
Can be assumed by a person, application or service
It is often used to delegate access
Use cases
An application that runs on Amazon Elastic Compute Cloud (Amazon EC2)
Cross-account access for an IAM user
Mobile application
Two types of policies:
Identity-based: Attach to an IAM user, group or role
Resource-based: Attach to an AWS resource (for example an S3 bucket policy, or a role's trust policy)
Both types can apply to the same request and are evaluated together. They are written in JSON, each statement either allows or denies, an explicit Deny overrides any Allow, and a request that no statement allows is denied by default. Grant only the actions and resources a principal actually needs (least privilege).
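As an added example that is not code from the course or from AWS, the following Python models how an identity-based policy and resource-based policies are combined for one request, and also covers the role section above: a role's trust policy is the resource-based policy of the role, so delegating access to a role is the same evaluation with sts:AssumeRole as the action. The user ARN, bucket names, role name and account ID are made up. The model covers same-account evaluation only (explicit Deny wins, then any Allow from either policy type, otherwise implicit deny); it does not model cross-account requests, Condition elements, permissions boundaries or SCPs, and action matching is case-sensitive here where IAM's is not.

```python
import fnmatch

ALICE = "arn:aws:iam::123456789012:user/alice"  # constructed principal

# Constructed identity-based policy attached to alice.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::app-logs/secrets/*"},
    ],
}

# Constructed resource-based policy: a bucket policy on a second bucket.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": ALICE},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::shared-reports/*"},
    ],
}

# Constructed trust policy: the resource-based policy of a role. Trust policies
# carry no Resource element; the resource is implicitly the role itself.
ROLE_ARN = "arn:aws:iam::123456789012:role/ReadOnlyAudit"
ROLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": ALICE}, "Action": "sts:AssumeRole"},
    ],
}

# (policy, ARN of the resource it is attached to)
RESOURCE_POLICIES = [(BUCKET_POLICY, "arn:aws:s3:::shared-reports"),
                     (ROLE_TRUST_POLICY, ROLE_ARN)]


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _glob_any(patterns, value):
    # IAM wildcards: '*' matches any run of characters, '?' one character.
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _principal_matches(stmt, principal_arn):
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return principal_arn in _as_list(principal.get("AWS"))
    return False


def _statement_applies(stmt, action, resource, attached_to=None):
    if not _glob_any(_as_list(stmt.get("Action")), action):
        return False
    # A statement with no Resource (trust policy) applies to the attached resource.
    resources = _as_list(stmt.get("Resource")) or _as_list(attached_to)
    return _glob_any(resources, resource)


def evaluate(principal_arn, action, resource, identity_policies, resource_policies):
    """Same-account decision: explicit Deny > any Allow > implicit deny."""
    effects = []
    for policy in identity_policies:  # identity policies belong to this principal
        effects += [s["Effect"] for s in policy["Statement"]
                    if _statement_applies(s, action, resource)]
    for policy, attached_to in resource_policies:  # must name the principal
        effects += [s["Effect"] for s in policy["Statement"]
                    if _principal_matches(s, principal_arn)
                    and _statement_applies(s, action, resource, attached_to)]
    if "Deny" in effects:
        return "Deny"
    if "Allow" in effects:
        return "Allow"
    return "ImplicitDeny"


def demo():
    cases = {
        "own bucket read": ("s3:GetObject", "arn:aws:s3:::app-logs/2024/app.log"),
        "own bucket secrets": ("s3:GetObject", "arn:aws:s3:::app-logs/secrets/db.txt"),
        "shared bucket via bucket policy": ("s3:GetObject", "arn:aws:s3:::shared-reports/q1.pdf"),
        "shared bucket write": ("s3:PutObject", "arn:aws:s3:::shared-reports/q1.pdf"),
        "assume role via trust policy": ("sts:AssumeRole", ROLE_ARN),
    }
    return {name: evaluate(ALICE, act, res, [IDENTITY_POLICY], RESOURCE_POLICIES)
            for name, (act, res) in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The "own bucket secrets" case shows why the Deny statement is worth the extra lines: the identity policy's Allow still matches, but the explicit Deny on the secrets prefix wins. The "shared bucket" and "assume role" cases show access granted purely by a resource-based policy, which is exactly the delegation pattern the role section describes.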