DEV Community



AWS IAM Cheat Sheet

  • IAM consists of the following:
    • Users
    • Groups
    • Roles
    • Policy Documents
  • IAM is Global. It doesn't apply to any specific region.
  • There is no charge to use IAM.
  • IAM is compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).
  • The "root account" has complete Admin access.
  • Don't use the "root account" for everyday use. Instead, create users. A new user has NO permissions by default. Grant the least privilege needed for their job.
  • A new user is assigned a password, an Access Key ID and a Secret Access Key. The password is used to log in to the AWS Management Console. The Access Key ID and Secret Access Key are used to log in via the APIs and CLI.
  • Always set up MFA on your root account.
  • Use Groups to assign permissions to IAM users.
  • Use Roles to delegate permissions. A Role is more secure than creating an individual user. Roles give temporary credentials for access, whereas a User has long-term credentials.
  • Create and customize password rotation policies.
  • Policies can be attached to users, groups and roles. Use AWS defined policies to assign permissions wherever possible. A policy is defined in JSON format and contains a version and statements (effect, action, resource, principal, and condition).
  • STS (Security Token Service) provides temporary security credentials to trusted users. STS is global and there is no charge to use it.
  • Digest:
  • IAM best practices - a question might ask you to identify best practices among the given choices.
  • The difference between when to use a Role and a User.
  • IAM Policy Simulator - service for testing and troubleshooting IAM policies.
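
The policy elements and the least-privilege advice above can be checked mechanically. This is an added example, not code from the original post: a small linter that reads a policy document and reports Allow statements that are broader than least privilege. The function names, the sample policy, the Sids and the bucket name are all constructed for illustration.

```python
import json

def _as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principal_is_anyone(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean any principal.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def find_broad_statements(policy_json):
    """Return a list of (statement label, reason) for over-broad Allow statements."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        label = stmt.get("Sid", f"statement[{i}]")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        conditioned = bool(stmt.get("Condition"))
        if "NotAction" in stmt:
            findings.append((label, "Allow with NotAction grants every other action"))
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((label, f"wildcard action {action}"))
        if "*" in _as_list(stmt.get("Resource")) and not conditioned:
            findings.append((label, "Resource * with no Condition"))
        if _principal_is_anyone(stmt.get("Principal")) and not conditioned:
            findings.append((label, "Principal * with no Condition"))
    return findings

# Constructed sample policy (not from the page); the bucket name is a placeholder.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "ReadOneBucket", "Effect": "Allow",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyNoMfa", "Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}
  ]
}
"""
```

Calling `find_broad_statements(SAMPLE_POLICY)` flags only the `AdminEverything` statement; the scoped read and the MFA deny pass.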
