IAM is used to manage permissions.
A user maps to a real-world person.
A user can belong to multiple groups, or to no group at all.
A group is a set of users.
A policy is a JSON document describing user or group permissions. The `//` comments in the example are annotations only; JSON does not allow comments, so they must be removed from a real policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow", // Or Deny
      "Action": "ec2:ModifyImageAttribute", // Action to allow / deny
      "Resource": "arn:aws:ec2:us-east-1::image/ami-*", // Resource(s) the action applies to
      "Condition": { // Optional
        "StringEquals": {
          "ec2:Attribute/Description": [
            "Production",
            "Development"
          ]
        }
      }
    }
  ]
}
```

Use a real device that you own to unlock your account; this should be used everywhere.
Used to access AWS API.
Wrapper around the AWS API, to use when programming. Requires an access key.
CLI wrapper around AWS API. Requires an access key.
An online terminal to access AWS CLI.
Permissions, but for AWS services: used when a service needs to interact with another.
- IAM Credentials Report: Reports the credential status of all users.
- IAM Access Advisor: Shows the permissions granted to a user and when they were last accessed.
Monitor access to services. Recap resource policies for taking actions.
- AWS: Infrastructure, Configuration, Vulnerability analysis, Compliance Validation
- User: Internal security, policies, key rotation, permissions.