search

Module 3

hashtag
AWS Shared responsibility model

hashtag
All about Security Principals, Securing Access and IAM

LogoModule 4 | AWS Cloud Foundationsawsfdn.adot8.comchevron-right

hashtag
IAM Terminology

Term (IAM)
Definition

Resource

User, group, role, policy and identity-provider objects stored in IAM

Entity

IAM resource objects that are used by AWS for authentication (users and roles)

Identity

IAM resource objects that can be authorized in policies to perform actions and access resources (user, group, or role)

Pricipal

Person or application that can sign in and make requests to AWS

circle-info

An AWS Key is needed for the AWS CLI and to make programmatic calls to AWS

hashtag
Best Practices

  • Follow the principle of least privilege.

  • Enable Multifactor authentication (MFA)

  • Require human users to access AWS by using temporary credentials.

  • Rotate access keys for use cases that require long-term credentials.

  • Use strong, complex passwords

  • Secure local credentials.

  • Use AWS Organizations.

  • Enable AWS CloudTrail.

  • Protect the root user

triangle-exclamation

Plz protect the root user :-)

hashtag
IAM Roles

  • Charities

    • Provides temporary security credentials

    • Isn't uniquely associated with one person

    • Can be assumed by a person, application or service

    • It is often used to delegate access

  • Use cases

    • An application that runs on Amazon Elastic Compute Cloud (Amazon EC2)

    • Cross-account access for an IAM user

    • Mobile application

hashtag
IAM Policies and Permissions

Two types of policies:

  • Identity-based: Attach to an IAM user, group or role

  • Resourced-based: Attach to an AWS resource

These can be used at the same time, are formatted in JSON, allow or deny, follow least privilege.

hashtag
Example of a resource-based policy

hashtag
Practice

PreviousModule 2NextModule 4

Last updated