DEV Community

Andrew Artajos
Andrew Artajos

Posted on

Identity Access Management (IAM)

#aws #cloudpractitioner

Identity Access Management

  • Global - no need to specify a region
  • Once created, this is applicable GLOBALLY.

3 ways to access AWS Console

  1. Console
  2. Programmatically (was-cli)
  3. SDK

Root Account

  • Email address used to setup the AWS account
  • Has full administrator access
  • Secure with Multi-Factor Authentication
  • Create users for each individual for your organisation

Group

  • Store your users
  • Could apply policy to a group
  • Members of that group get the same access

IAM Best Practices

Root Account

  • Do not use for login
  • Create a “working account”

MFA

  • Always enable

Users

  • One user = One real human being

User/Groups/Policies

  • Always place users in groups.
  • Apply policies to groups.

Password Policies

  • Have a strong password rotation policy

Access Keys

  • Use access keys for programmatic access

Roles

  • Use roles to access other AWS services.

IAM Credential Report

  • Use IAM credential reports to audit the permissions of your users/accounts.

Top comments (0)

Read next

naveedsaeed profile image

Running a Database Server on EC2: Best Practices and Considerations

Muhammad Naveed -

kuba_szw profile image

Local Development Server for AWS SAM Lambda Projects

Kuba -

czarinacloud profile image

Balancing AWS Certification and Parenting: A Guide for Busy Professionals

Czarina -

meenamurali76 profile image

Unveiling the myth of Unified Namespace (UNS) and implementing with AWS Native Services

Meena -