title | date | tags
---|---|---
AWS Certified Cloud Practitioner - Identity and Access Management | 2023-12-26 |
IAM is a global service: users, groups, roles and policies are not tied to a region.
- Root: the account's default identity; it has unrestricted access and shouldn't be used for day-to-day work
- Users: individual identities that can be grouped
- Groups only contain users, not other groups
Shared responsibility model for IAM:
- AWS: infrastructure, configuration and vulnerability analysis, compliance validation
- User:
  - User, Group, Role and Policy management
  - MFA on every account
  - Rotate access keys often
  - Use IAM tools to apply appropriate permissions
  - Analyze access patterns and review permissions
Users or groups are assigned JSON "policy" documents that state what they are allowed (or denied) to do. Apply the least privilege principle: grant only the permissions a task actually needs.
Normally it's better to create an IAM user and use it instead of the root account for most operations.
- Users inherit the policies of the groups they belong to
- Users can also have their own "inline" policies attached directly
- A user can belong to several groups and inherits the policies of each of them
Structure of a policy document:
- Version: policy language version; use "2012-10-17" (the current one)
- Id: optional identifier for the policy
- Statement: one or more statements, each with Sid (optional statement id), Effect (Allow or Deny), Principal (the account, user or role the statement applies to; used in resource-based policies), Action (the API calls allowed or denied), Resource (the ARNs the actions apply to), Condition (optional: when the statement applies, e.g. only with MFA). An explicit Deny always wins over an Allow.
- Set a password policy (minimum length, required character types, expiration, prevent reuse)
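To make the policy structure concrete, here is an added example (not from the original notes): a constructed sample policy with the fields above, plus a small linter that flags Allow statements breaking least privilege (Action "*", service-wide wildcards such as "iam:*", Resource "*", and sensitive IAM/STS actions allowed without any Condition). The policy contents, its Sids, and the SENSITIVE_PREFIXES list are assumptions for illustration, not AWS-defined values.

```python
import json

# Constructed sample policy for this example (assumption: not from the original page).
# It mixes one tight statement, one over-broad statement and one MFA guard.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Id": "example-least-privilege-review",
  "Statement": [
    {
      "Sid": "ReadOneBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
    },
    {
      "Sid": "TooBroad",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Sid": "DenyIamWithoutMfa",
      "Effect": "Deny",
      "Action": "iam:*",
      "Resource": "*",
      "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}
    }
  ]
}
""")

# Services whose Allow statements deserve a Condition (MFA, source IP, ...).
# Assumption: a short illustrative list, extend it for your own environment.
SENSITIVE_PREFIXES = ("iam:", "sts:", "organizations:")


def as_list(value):
    """Action and Resource may be a single string or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (Sid, finding) pairs for statements that break least privilege.

    Only Allow statements are checked: a Deny can only narrow what is permitted.
    """
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append(("<policy>", 'Version should be "2012-10-17" (the current policy language)'))
    for stmt in as_list(policy.get("Statement")):
        sid = stmt.get("Sid", "<no Sid>")
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append((sid, f"Effect must be Allow or Deny, got {effect!r}"))
            continue
        if effect == "Deny":
            continue
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))
        if "*" in actions:
            findings.append((sid, 'Action "*" grants every API call of every service'))
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append((sid, f"{action} grants every action of the service"))
        if "*" in resources:
            findings.append((sid, 'Resource "*" applies the actions to every resource'))
        sensitive = [a for a in actions if a.startswith(SENSITIVE_PREFIXES)]
        if sensitive and "Condition" not in stmt:
            findings.append((sid, f"sensitive actions {sensitive} allowed without a Condition (e.g. MFA)"))
    return findings


if __name__ == "__main__":
    for sid, finding in lint_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

Run against the sample, only the "TooBroad" statement is reported (twice: wildcard action and wildcard resource); the Deny statement is skipped because it can only remove permissions, and the S3 statement is scoped to one bucket.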
Roles are assigned to AWS services so they can act on your behalf with temporary credentials instead of embedded access keys. Ex: EC2 Instance Roles, Lambda Function Roles, Roles for CloudFormation, etc.
IAM security tools:
- IAM Credentials Report (account level): lists every user with the status of their password, access keys and MFA
- IAM Access Advisor (user level): shows the services a user has permissions for and when they were last accessed, to spot permissions that can be removed
IAM users can't see billing by default: the root user needs to activate IAM user and role access to billing information in the account settings. Then: find the billing source, check Free Tier usage, set budgets.
IAM guidelines and best practices:
- Don't use the root account except for AWS account setup
- One physical user = one AWS user (never share credentials)
- Assign users to groups and assign permissions to groups (avoid inline policies)
- Strong password policy
- MFA
- Roles to give permissions to AWS services
- Access keys for CLI/SDK access (never create them for the root account)
- Audit permissions using IAM Credentials Report and IAM Access Advisor
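As an added example (not part of the original notes), the following script audits a constructed excerpt of an IAM credentials report against the best practices above: an access key on the root account, console users without MFA, keys older than 90 days, and active keys that were never used. The column names are those of the real report CSV; the rows, the 90-day threshold and the reference date are assumptions for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed excerpt of an IAM credentials report (assumption: only the columns
# this check needs; the real report has more, e.g. access_key_2_* and cert_*).
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,not_supported,true,true,2023-11-01T10:00:00+00:00,2023-12-20T08:00:00+00:00
alice,arn:aws:iam::123456789012:user/alice,true,true,true,2023-12-01T09:00:00+00:00,2023-12-20T08:00:00+00:00
bob,arn:aws:iam::123456789012:user/bob,true,false,true,2023-06-01T09:00:00+00:00,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,false,false,true,2023-12-10T09:00:00+00:00,2023-12-25T08:00:00+00:00
"""

# Assumptions: rotation threshold and a fixed "now" so the run is reproducible.
MAX_KEY_AGE_DAYS = 90
REFERENCE_TIME = datetime(2023, 12, 26, tzinfo=timezone.utc)


def parse_time(value):
    """Report timestamps are ISO 8601; placeholders like N/A or no_information become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_report(report_csv, now):
    """Return (user, finding) pairs for every row that violates a best practice."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        key_active = row["access_key_1_active"] == "true"

        # The root account should never have programmatic access keys.
        if user == "<root_account>" and key_active:
            findings.append((user, "root account has an active access key"))

        # Every identity with a console password must have MFA enabled.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password enabled without MFA"))

        if key_active:
            # Keys must be rotated regularly ...
            rotated = parse_time(row["access_key_1_last_rotated"])
            if rotated is not None and now - rotated > timedelta(days=MAX_KEY_AGE_DAYS):
                findings.append((user, f"access key not rotated for {(now - rotated).days} days"))
            # ... and an active key that was never used is pure attack surface.
            if parse_time(row["access_key_1_last_used_date"]) is None:
                findings.append((user, "active access key has never been used"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_report(SAMPLE_REPORT, REFERENCE_TIME):
        print(f"{user}: {finding}")
```

On the sample data the root row is flagged for its access key, bob is flagged three times (no MFA, stale key, never-used key), while alice and the deploy-bot service user pass: deploy-bot has no console password, so the MFA rule does not apply to it.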