DEV Community

Andrew Artajos
Andrew Artajos

Posted on

Identity Access Management (IAM)

#aws #cloudpractitioner

Identity Access Management

  • Global - no need to specify a region
  • Once created, this is applicable GLOBALLY.

3 ways to access AWS Console

  1. Console
  2. Programmatically (was-cli)
  3. SDK

Root Account

  • Email address used to setup the AWS account
  • Has full administrator access
  • Secure with Multi-Factor Authentication
  • Create users for each individual for your organisation

Group

  • Store your users
  • Could apply policy to a group
  • Members of that group get the same access

IAM Best Practices

Root Account

  • Do not use for login
  • Create a “working account”

MFA

  • Always enable

Users

  • One user = One real human being

User/Groups/Policies

  • Always place users in groups.
  • Apply policies to groups.

Password Policies

  • Have a strong password rotation policy

Access Keys

  • Use access keys for programmatic access

Roles

  • Use roles to access other AWS services.

IAM Credential Report

  • Use IAM credential reports to audit the permissions of your users/accounts.

Top comments (0)

Read next

rksalo88 profile image

Learning AWS Day by Day — Day 45 — Amazon DynamoDB — Part 1

Saloni Singh -

johanneskonings profile image

Consideration about cdk-notifier and Tags

Johannes Konings -

ravindras profile image

Cloud Security and Resilience: DevSecOps Tools and Practices

Ravindra Singh -

alfredotavio profile image

Instalando e Configurando o Servidor de E-mail Carbonio CE na AWS (Substituto do Zimbra)

Alfredo Castro -