- IAM = Identity and Access Management
- Root user = the identity created together with the AWS account. Has full admin rights. New IAM users have no rights until they are explicitly granted access to AWS services.
- A user that only needs access to EC2 instances would be granted only those permissions.
- AWS Best Practices: Delete your root access keys, Activate MFA on your root account, Create individual IAM users, Use groups to assign permissions, Apply an IAM password policy.
- Never use your root account for day-to-day use.
- If you want full admin access, create an IAM user and attach the AdministratorAccess policy to it.
- Use this IAM user as your daily account from then on.
IAM Users, Groups, Roles, and Policies
- IAM users are users granted access to an AWS account.
- Roles = identities that let AWS services access other AWS services, e.g. an EC2 instance given access to S3 buckets.
- IAM group = collection of IAM users. Can add permissions to group and all users in group will inherit those permissions.
- Best practice is to have a password policy that dictates format and renewal rules.
- If a user belongs to multiple groups, and any one of those groups has a policy with a "Deny" effect, the explicit deny always overrides any "Allow".
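The group rule above (explicit Deny beats Allow, and anything nobody allows is denied by default) as a small evaluator you can run offline. This is an added example, not part of the original notes and not AWS's own evaluation engine; the two group policies, the account id and the instance ARN are constructed sample data.

```python
"""Toy evaluator for IAM's ordering across all policies attached to a user
(directly or via its groups): explicit Deny > explicit Allow > default deny.
Added example, not the AWS engine; the policies below are constructed."""
from fnmatch import fnmatchcase

# Constructed sample policies, in the same JSON shape IAM uses.
DEVELOPERS_GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::app-bucket/*"},
    ],
}

CONTRACTORS_GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}

# Constructed sample resource (example account id, not a real instance).
INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    """Action and Resource both honour the '*' wildcard (case-sensitive)."""
    action_hit = any(fnmatchcase(action, a) for a in _as_list(statement["Action"]))
    resource_hit = any(fnmatchcase(resource, r) for r in _as_list(statement["Resource"]))
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one request over every attached policy."""
    allowed = False
    for policy in policies:
        for statement in policy["Statement"]:
            if not _matches(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "Deny"  # an explicit deny ends evaluation immediately
            allowed = True
    return "Allow" if allowed else "Deny"  # no matching Allow = implicit deny


if __name__ == "__main__":
    both = [DEVELOPERS_GROUP_POLICY, CONTRACTORS_GROUP_POLICY]
    for act in ("ec2:StartInstances", "ec2:TerminateInstances", "iam:CreateUser"):
        print(f"{act:24} -> {evaluate(both, act, INSTANCE_ARN)}")
```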