As I begin my journey studying towards being a DevOps engineer, I would like to share what I learn along the way. I am currently studying for the AWS Cloud Solutions Architect Associate exam.
In this article, I will share a summary of IAM & AWS CLI.
Summary
- IAM = Identity and Access Management
- Users are people within your organization, and they can be grouped. [Best practice: always assign each member to one or more groups. A user can be a member of more than one group.]
- Groups can only contain users, not other groups.
- Policies define the permissions of the users. [Best practice: use the least-privilege principle; simply don't give more permissions than the user needs.]
- Password policy: you can set up a password policy that ensures higher security for your account.
Multi-Factor Authentication (MFA)
- Protects your root account and IAM users.
- MFA = password you know + security device you own.
- If a password is stolen or hacked, the account is not compromised.
- You can use a virtual MFA device (Google Authenticator, Authy) or a U2F security key (YubiKey by Yubico).
To access AWS, you have three options:
- AWS Management Console (protected by password + MFA)
- AWS Command Line Interface (CLI) (protected by access keys)
- AWS Software Development Kit (SDK), for code (protected by access keys)
Access keys are generated through the AWS console.
- Access Key ID ~= username
- Secret Access Key ~= password
AWS CloudShell is a CLI in the cloud.
IAM Credentials Report (account level): a report that lists all of your account's users and the status of their various credentials (password, MFA, access keys).
IAM Access Advisor (user level): shows the service permissions granted to a user and when those services were last accessed.
IAM Guidelines and Best Practices
- Don’t use the root account except for AWS account setup
- One physical user = One AWS user
- Assign users to groups and assign permissions to groups
- Create a strong password policy
- Use and enforce the use of Multi-Factor Authentication (MFA)
- Create and use roles for giving permissions to AWS services
- Use access keys for programmatic access (CLI/SDK)
- Audit permissions of your account with the IAM credentials report and IAM Access Advisor
- Never share IAM users and Access Keys
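As an added example (not from the course or from AWS), here is a small audit of the credentials report against the MFA and access-key guidelines above. The CSV is a constructed sample using a subset of the real report's column names; the users, account id and dates are made up, and the 90-day rotation threshold is an assumption.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the layout of the IAM credential report (subset of its
# real columns). Account id, user names and dates are made up for this example.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,false,true,2023-01-10T09:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,true,2024-05-01T12:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,false,true,2023-11-20T08:30:00+00:00,true,2024-05-15T10:00:00+00:00
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold


def audit_credential_report(report_csv: str, now: datetime) -> list[str]:
    """Return one finding per issue, in report order."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root should only be used for account setup: no long-lived keys, MFA on.
            for n in ("1", "2"):
                if row[f"access_key_{n}_active"] == "true":
                    findings.append(f"{user}: active access key {n} on root account")
            if row["mfa_active"] != "true":
                findings.append(f"{user}: MFA not enabled on root account")
            continue
        # Anyone with a console password must have MFA enabled.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append(f"{user}: console password without MFA")
        # Active access keys older than the threshold need rotation.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = datetime.fromisoformat(row[f"access_key_{n}_last_rotated"])
            age = (now - rotated).days
            if age > MAX_KEY_AGE_DAYS:
                findings.append(f"{user}: access key {n} is {age} days old")
    return findings


if __name__ == "__main__":
    for finding in audit_credential_report(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(finding)
```

The real report is fetched with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, which returns the CSV base64-encoded.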