AWS - IAM

Update Date: 2023-03-03

Overview of AWS IAM

IAM Components

  • Users - Identities for people or workloads; they gain permissions from policies attached to them directly or to the groups they belong to.
    • Account root user - the identity created with the account; it has full, unrestricted permissions, so it should be protected with MFA and used only for tasks that require it.
    • IAM users - up to 5,000 per account.
    • Can be authenticated with a username/password for the console or with access keys for the API/CLI.
  • Groups - A way to categorize and organize users.
    • Up to 300 groups per account; a user can belong to up to 10 groups.
    • Manage users' permissions through groups instead of attaching policies to each user individually.
  • Roles - Used for delegation; they are assumed rather than logged into.
    • An IAM identity with specific permissions but no long-term credentials.
    • A role can be assumed by users, applications, or AWS services, which receive temporary credentials from STS.
  • Policies - Define the permissions of the identities or resources they are attached to.
    • JSON documents listing the actions that are allowed or denied on which resources.
    • By default, all permissions are denied (implicit deny); an explicit Deny overrides any Allow.
    • Types:
      • Identity-based policies: attached to identities (users, groups, roles).
      • Resource-based policies: attached to resources (for example S3 bucket policies, SQS queue policies, KMS key policies) and must name the Principal they apply to.
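To make the default-deny and "explicit Deny wins" rules concrete, the following is an added example (not from the original post or from Digital Cloud): a deliberately simplified model of how identity-based and resource-based policy statements combine for a same-account request. It covers only Effect/Action/Resource/Principal matching with wildcards; conditions, permissions boundaries, SCPs and NotAction/NotResource are out of scope. The bucket name app-logs, the user alice and the account ID 111122223333 are constructed placeholders.

```python
"""Simplified IAM policy evaluation (added example, not AWS's real evaluator).

Decision order modelled here:
  1. any matching statement with Effect "Deny"  -> ExplicitDeny
  2. otherwise any matching statement with Effect "Allow" -> Allow
  3. otherwise -> ImplicitDeny (the default for everything)
Only same-account requests are modelled; cross-account access would require
an Allow on both the identity side and the resource side.
"""
import fnmatch
import json

# Constructed identity-based policy attached to the user (no Principal element).
IDENTITY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]},
    {"Effect": "Deny",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::app-logs/secrets/*"}
  ]
}""")

# Constructed resource-based (bucket) policy; it must name a Principal.
# 111122223333 is a placeholder account ID, alice a hypothetical user.
RESOURCE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::app-logs/uploads/*"}
  ]
}""")

ALICE = "arn:aws:iam::111122223333:user/alice"


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _glob(pattern, value):
    """IAM-style wildcard match: '*' any sequence, '?' a single character."""
    return fnmatch.fnmatchcase(value, pattern)


def statement_matches(stmt, principal, action, resource):
    """True if the statement applies to this principal/action/resource."""
    if "Principal" in stmt:                      # resource-based statement
        principals = stmt["Principal"]
        if principals != "*":
            allowed = _as_list(principals.get("AWS", []))
            if principal not in allowed and "*" not in allowed:
                return False
    # Action names are case-insensitive in IAM; resource ARNs are not.
    actions = [a.lower() for a in _as_list(stmt["Action"])]
    if not any(_glob(p, action.lower()) for p in actions):
        return False
    resources = _as_list(stmt["Resource"])
    return any(_glob(p, resource) for p in resources)


def evaluate(policies, principal, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for the request."""
    decision = "ImplicitDeny"                    # nothing is allowed by default
    for policy in policies:
        for stmt in policy["Statement"]:
            if not statement_matches(stmt, principal, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"            # an explicit Deny always wins
            decision = "Allow"
    return decision


if __name__ == "__main__":
    policies = [IDENTITY_POLICY, RESOURCE_POLICY]
    for action, key in [("s3:GetObject", "2023/app.log"),
                        ("s3:GetObject", "secrets/db.json"),
                        ("s3:PutObject", "uploads/run1.csv"),
                        ("s3:DeleteObject", "2023/app.log")]:
        arn = f"arn:aws:s3:::app-logs/{key}"
        print(f"{action:16} {arn:45} -> {evaluate(policies, ALICE, action, arn)}")
```

The third request shows why resource-based policies matter: alice has no PutObject in her identity policy, yet the bucket policy alone grants it within the same account. The second shows that a narrow Deny on the secrets/ prefix beats the broader Allow on app-logs/*.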

Create IAM User Account

User      | Login details                  | Permissions
----------|--------------------------------|------------------------------------
Root user | Email address                  | Full
IAM user  | Username + Account ID or alias | Denied by default / granted by policies

IAM Authentication and MFA

AWS Security Token Service (STS)

Identity-Based Policies and Resource-Based Policies

Permissions Boundaries

IAM Policy Evaluation Logic

IAM Policy Structure

Ref

The majority of the contents are excerpted and summarized from Digital Cloud

This post is licensed under CC BY 4.0 by the author.