Identity and Access Management (IAM)
- Global - no need to specify a region
- Once created, this is applicable GLOBALLY.
3 ways to access AWS
- Console
- Programmatically (aws-cli)
- SDK
Root Account
- Email address used to set up the AWS account
- Has full administrator access
- Secure with Multi-Factor Authentication
- Create users for each individual in your organisation
Group
- Store your users
- A policy can be applied to a group
- Members of that group get the same access
IAM Best Practices
Root Account
- Do not use for login
- Create a “working account”
MFA
- Always enable
Users
- One user = One real human being
User/Groups/Policies
- Always place users in groups.
- Apply policies to groups.
Password Policies
- Have a strong password rotation policy
Access Keys
- Use access keys for programmatic access
Roles
- Use roles to access other AWS services.
IAM Credential Report
- Use IAM credential reports to audit the permissions of your users/accounts.