AWS > Security, Identity, & Compliance > Identity and Access Management (IAM):
Key Features of IAM:
1. Centralised control of your AWS account
2. Shared access to your AWS account
3. Granular Permissions.
4. Identity Federation (Including Active Directory, Faacebook, Google, Linkedin etc.)
5. Multifactor authentication
6. Provide temporary access for users/devices and service where necessary.
7. Allows you to set up your own password rotation policy.
8. Integrates with many different AWS services.
9. Supports PCI DSS compliance.
10. IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your Users.
Key Terminology For IAM:
1. Users: End user, such as people, employess of organization etc.
2. Groups: A collection of users. Each user in the group will inherit the permissions of the group.
3. Roles: You create roles and then assign them to AWS resources.
4. Policies: Policies are made up of documents, call Policy documents. These documents are in a format called JSON and the give permissions as to what a User/Group/Role is able to do.
Exam Tips:
1. IAM is universal. It does not apply to regions at this time.
2. The 'root account' is simply the account crested when first setup your AWS account. It has complete admin access.
3. New users have NO permissions when first created.
4. New users are assigned Access Key ID & Secret Access Keys when first created.
5. There are not the same as a password. You cannot user the Access Key ID & Secret Access Key to login in to the console. You can user this to access AWS via the APIs and Command Line, however.
6. You only get to view these once. If you lose themm you have to regenerate them. So, save them in a secure location.
7. Always setup Multi-factor Authentication(MFA) on your root account.
8. You can create and customise your own password rotation policies.
Reference:
1. AWS Documentation - AWS Identity and Access Management Documentation
https://docs.aws.amazon.com/iam/
2. Udemy - AWS Solutions Architect - Associate:
https://www.udemy.com/aws-certified-solutions-architect-associate/
最初發表 / 最後更新: 2019.01.30 / 2020.06.08
0 comments:
張貼留言