Overview of Identity and Access Management 👩‍💻👨‍💻🔐

  • IAM = Identity and Access Management
  • Root user = the identity created along with the AWS account. It has full admin rights. New IAM users have no rights until they are granted access to AWS services.
  • A user that only needs access to EC2 instances should be granted only those permissions (least privilege).
  • AWS Best Practices: Delete your root access keys, Activate MFA on your root account, Create individual IAM users, Use groups to assign permissions, Apply an IAM password policy.
  • Never use your root account for day to day use.
  • If you want full admin access, create an IAM user and attach the AdministratorAccess policy to it.
  • Use that IAM user as your daily account from now on.

IAM Users, Groups, Roles, and Policies

  • IAM users = identities granted access to an AWS account.
  • Roles = identities that AWS services (or users) assume to get access to other AWS services, e.g. an EC2 instance assumes a role that grants access to S3 buckets.
  • IAM group = collection of IAM users. Can add permissions to group and all users in group will inherit those permissions.
  • Best practice to have a password policy that dictates format and renewal rules.
  • If a user belongs to multiple groups and any one of those groups has a policy with a “Deny” effect for the action, that explicit Deny always overrides any “Allow”. With no matching Allow at all, the request is implicitly denied.
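The points above about users, groups, inherited permissions and Deny-beats-Allow can be seen in a small simulation. The following is an added example written for these notes, not AWS code and not a complete model of IAM evaluation: it covers only identity-based policies attached to a user and to the user's groups, and ignores resource policies, permission boundaries, SCPs and conditions. The users, groups and policy statements are constructed sample data; `ADMINISTRATOR_ACCESS` mirrors the shape of the AWS-managed policy (allow every action on every resource).

```python
"""Toy simulation of AWS IAM policy evaluation for users and groups.

Added example, not from the original notes. Models only what the notes
describe: a user inherits the policies of every group they belong to, an
explicit Deny in any applicable policy overrides any Allow, and without a
matching Allow the request is implicitly denied.
"""
import fnmatch
from dataclasses import dataclass, field


@dataclass
class Statement:
    effect: str                       # "Allow" or "Deny"
    actions: list                     # e.g. ["ec2:*"]; '*' wildcards as in IAM
    resources: list = field(default_factory=lambda: ["*"])

    def matches(self, action, resource):
        # IAM patterns use '*' wildcards; fnmatch is sufficient for this toy.
        return (any(fnmatch.fnmatchcase(action, a) for a in self.actions)
                and any(fnmatch.fnmatchcase(resource, r) for r in self.resources))


# Same shape as the AWS-managed AdministratorAccess policy: allow everything.
ADMINISTRATOR_ACCESS = [Statement("Allow", ["*"], ["*"])]


@dataclass
class Group:
    name: str
    policies: list = field(default_factory=list)   # each policy is a list of Statements


@dataclass
class User:
    name: str
    groups: list = field(default_factory=list)
    policies: list = field(default_factory=list)   # policies attached directly


def applicable_statements(user):
    """Every statement that applies to the user: their own plus all group policies."""
    for policy in user.policies:
        yield from policy
    for group in user.groups:
        for policy in group.policies:
            yield from policy


def evaluate(user, action, resource="*"):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for stmt in applicable_statements(user):
        if not stmt.matches(action, resource):
            continue
        if stmt.effect == "Deny":
            return "ExplicitDeny"     # a matching Deny anywhere wins outright
        allowed = True                # remember the Allow but keep scanning for a Deny
    return "Allow" if allowed else "ImplicitDeny"


def is_allowed(user, action, resource="*"):
    return evaluate(user, action, resource) == "Allow"


# Constructed sample setup (hypothetical groups and users, not a real account).
ec2_operators = Group("ec2-operators", [[Statement("Allow", ["ec2:*"])]])
no_terminate = Group("no-terminate", [[Statement("Deny", ["ec2:TerminateInstances"])]])
admins = Group("admins", [ADMINISTRATOR_ACCESS])

alice = User("alice", groups=[ec2_operators])               # one group, Allow only
bob = User("bob", groups=[ec2_operators, no_terminate])     # second group adds a Deny
carol = User("carol", groups=[admins])                      # AdministratorAccess
dave = User("dave")                                         # new user, no permissions

if __name__ == "__main__":
    checks = [
        (alice, "ec2:TerminateInstances"),   # Allow
        (bob, "ec2:TerminateInstances"),     # ExplicitDeny (no-terminate overrides ec2-operators)
        (bob, "ec2:DescribeInstances"),      # Allow
        (carol, "s3:ListAllMyBuckets"),      # Allow
        (dave, "ec2:DescribeInstances"),     # ImplicitDeny (nothing granted yet)
        (alice, "s3:GetObject"),             # ImplicitDeny (ec2-only group)
    ]
    for user, action in checks:
        print(f"{user.name:6} {action:25} -> {evaluate(user, action)}")
```

Bob is the case from the last bullet: membership in `ec2-operators` allows `ec2:*`, but membership in `no-terminate` adds a Deny on `ec2:TerminateInstances`, so that one action is refused while the rest of EC2 stays allowed. Dave shows why a freshly created user can do nothing until a policy or group is attached.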