abstract

These notes document the AWS Identity and Access Management (IAM) service.

contents

1. definition

  • create users
  • configure privileges
  • free to use (no additional charge)
  • manages both
    • authentication
    • authorization

2. authenticate

  • verifies who the user is (proves identity)

3. authorize

  • configure what that user can do

4. federation

  • use an external identity provider via SAML (e.g., Active Directory) for large organizations

5. identity types

user

group

role

  • enables a user or AWS service to assume a set of permissions for a task
  • e.g., attach a role to a server so it can access an S3 bucket

6. policy

  • JSON document defining permissions for an AWS IAM identity
  • defines
    • AWS services that the identity can access
    • actions within the service that can be performed
  • can be customer-managed
  • can be AWS-managed (aka managed policies)
    • templated

policy file example

best practice

mfa

  • multifactor authentication

lpa

  • least privilege access

7. sources