What is IAM?
- IAM = Identity and Access Management, Global service
- Root account is the default account.
- Users are people in your organization/company.
- Groups only contain users and not other groups.
- Users dont have to belong to a group and users can be in multiple groups.
IAM: Permissions
- Users or Groups are assigned a JSON document called policies.
- Policies define the permissions of the users
- In AWS you apply the least privileges principle(dont give more permissions than a user needs)
IAM Policies Structure
Consist of:
- Version: Example "2012-10-17" - Id: Example "S3-Account-Permissions" - Statement
Statment consist of:
- SID: The id of the statement. Example: "1" - Effect: Exmaple "Allow" - Principal: sccount/user/role to which the policy applies Example "arn:aws:iam::12324354:root - Action: list of actions this policy allows or denies - Resource: list of resources to which the actions applied to Example "myBucket(Storage)" - Condition: conditions for when the policy is in effect
What is IAM MFA?
- MFA = Multi Factor Authentication(Password + security device)
What MFA devices do you get?
- Virtual MFA device Exampe Google Authenticator
- Universal 2nd Factor(U2F) Security Key. Its a physical device.
- Hardware Key Fob MFA Device. Also physical device
- Hardware Key Fob MFA Device for AWS GovCloud. Also physical device
What are the 3 ways to access AWS?
- AWS Management Console
- AWS Command line interface(CLI)
- AWS Software Developer Kit(SDK)
How to get access using the AWS CLI?
1) Create access keys for user
2) In cmd, type “aws configure”.
3) Enter your “Access Key ID”
4) Enter “Secret Access Key”
5) Enter default region name”
6) Enter “output format”, just press enter
What is AWS Cloud Shell?
- it is like AWS CLI but build into the AWS console.
- It is only available for certain regions.
What is a IAM Role?
- Giving access the services to perform a particular task.
What IAM Security Tools do you get?
1) IAM Credentials report(account level)
- a report that list all account’s users and the status of their credentials
2) IAM Access Advisor(user-level)
- shows service permissions granted to a user and when last was it accessed
IAM Guidelines & Best Practices
- Dont use the root account except for account setup
- One physical user = One AWS user
- Assign users to group and assign permissions to groups
- Create a strong password policy
- Use and enforce the use of Multi Factor Authentication(MFA)
- Create and use Roles for giving permissions to AWS services
- Use Access Keys for Programmatic Access(CLI/SDK)
- Audit permissions of your account with the IAM Credentials Report.
- Never share IAM users & Access Keys
-
Section3: Getting started with AWS4
-
Section4: IAM & AWS CLI11
-
Notes1
-
Section 5: EC2 Fundamentals9
-
Section6: EC28
-
Section7: EC2 Instance Storage8
-
Section8: High Availability and scaling7
-
Section9: AWS Fundamentals:RDS + Aurora + ElastiCache10
-
Section10: Route 535
-
Section 12: Amazon S3 Introduction4
-
Section13: AWS SDK,IAM Roles & Policies1
-
Section 14: Advance Amazon S3 & Athena5
-
Section 15: CloudFront & AWS Global Accelerator4
-
Section 16: AWS Storage Extras15
-
Section 17: Decoupling applications:SQS,SNS,Kinesis,Active MQ8
-
Section 18: Containers on AWS:ECS, Fargate , ECR & EKS5
-
Section 19: Serverles overviews from a Solution Arhitect perspective4
-
Section 20: Serverless Solution Architecture Discussion1
-
Section 21: Databases in AWS13
-
Section 23: Identity and Access Management(IAM)5
-
Section 24: AWS Security & Encryption9
-
Section 25: Networking - VPC21
-
Section 29:Disaster Recovery & migrations8
-
Section 30: More Solution Architectures11
-
Section 32: Whitepapers and architectures1
