Identity Access Management
What is IAM?
Essentially, IAM allows you to manage users and their level of access to the AWS Console. It is important to understand IAM and how it works, both for the exam and for administering a company’s AWS account in real life.
What does IAM give you?
- Centralized control of your AWS account
- Shared access to your AWS account
- Granular permissions
- Identity federation
- Multifactor authentication
- Temporary access for users/devices and services where necessary
- Lets you set up your own password rotation policy
- Integrates with many different AWS services
- Supports PCI DSS compliance
Critical Terms
Users — End Users
Groups — A collection of users under one set of permissions
Roles — You create roles and can then assign them to AWS resources
Policies — A document that defines one or more permissions
Region
IAM is not confined to a specific region, so its region defaults to Global because it applies everywhere across the world.
IAM users sign-in link
Once the account is created, the account number is assigned automatically in the form of a serial number, which can be difficult for users to identify, so you can change it to something more human-friendly with the Customize function.
Security Status
- Delete your root access keys
- Activate MFA (Multifactor Authentication) on your root account
- Create individual IAM users
- Use groups to assign permissions
- Apply an IAM password policy
*root account: the email address you use to sign in
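The five Security Status items above can also be checked from the account summary. This is an added example, not part of the original notes. It evaluates constructed sample data shaped like the output of `aws iam get-account-summary` and `aws iam get-account-password-policy`; the function names and the "at least one group exists" test for the groups item are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the output of `aws iam get-account-summary`
# (only the SummaryMap keys the checks read are included).
SAMPLE_SUMMARY = json.loads("""
{"SummaryMap": {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 0,
                "Users": 3, "Groups": 0}}
""")

# Constructed sample, shaped like `aws iam get-account-password-policy`.
# Pass None when the account has no policy (the API answers NoSuchEntity).
SAMPLE_POLICY = {"PasswordPolicy": {"MinimumPasswordLength": 14,
                                    "MaxPasswordAge": 90}}


def security_status(summary, password_policy):
    """Map each Security Status item to True (done) or False (still open)."""
    s = summary["SummaryMap"]
    has_policy = bool(password_policy and password_policy.get("PasswordPolicy"))
    return {
        # 1 means the root user still has access keys.
        "Delete your root access keys": s.get("AccountAccessKeysPresent", 0) == 0,
        # 1 means an MFA device is enabled for the root user.
        "Activate MFA on your root account": s.get("AccountMFAEnabled", 0) == 1,
        "Create individual IAM users": s.get("Users", 0) > 0,
        # Rough proxy (assumption): a group exists. It does not prove that
        # permissions are attached to groups rather than directly to users.
        "Use groups to assign permissions": s.get("Groups", 0) > 0,
        "Apply an IAM password policy": has_policy,
    }


def failing(summary, password_policy):
    """Return the checklist items that are still open, in checklist order."""
    status = security_status(summary, password_policy)
    return [item for item, ok in status.items() if not ok]


if __name__ == "__main__":
    for item, ok in security_status(SAMPLE_SUMMARY, SAMPLE_POLICY).items():
        print(("[ok]   " if ok else "[todo] ") + item)
```
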