IAM Flashcards
What does IAM stand for?
Identity Access Management
What is IAM?
IAM allows you to manage users and their level of access to the AWS console.
What does IAM allow you to do?
IAM allows you to set up users, groups, permissions, and roles, and lets you grant access to different parts of the AWS platform.
IAM features
It gives you centralized control of your AWS account.
It gives you shared access to your AWS account.
It gives you granular permissions.
It gives you identity federation.
It gives you multi-factor authentication.
It provides temporary access for users, devices, and services where necessary.
It allows you to set up your own password rotation policy.
It integrates with many different AWS services.
It supports PCI DSS compliance.
Key terminology for IAM
Users - end users such as people, employees of an organization, etc.
Groups - a collection of users. Each user in the group inherits the permissions of the group. For example, you might have one group that is able to access S3 and another group that is able to access EC2; as long as a user is in a given group, that user inherits the permissions of that group.
Policies - policies are made up of policy documents, which are formatted in JSON (JavaScript Object Notation). A policy defines what a user, group, or role is able to do.
Roles - policies are your permissions; a role is something you create and assign to an AWS resource. A role is a way of allowing one part of AWS to do something with another part. For example, you might give a virtual machine inside AWS the ability to write files to S3, which is a type of storage within AWS.
IAM Universal
IAM is universal. It does not apply to regions at this time. When you create a user, you are creating that user globally; the same applies when you create a role or a group.
Root account
The root account is simply the account created when you first set up your AWS account. It has complete administrator access, and you always sign in to it with your email address (sometimes called the root account email address) and the password that you configured.
New user has no policy
New users have no permissions when first created.
We had to give our user, Ryan Kroonenberg, permissions. To do that we created an administrator access policy and assigned it to the developers group.
Two different types of access
Management console access and programmatic access.
Access key ID
New users can be assigned an access key ID and secret access key when first created. They use these credentials to access the AWS ecosystem programmatically. This is completely optional: you can give a user console access only, programmatic access only, or both.
Access key ID cannot be used to log in to the console
The access key ID and secret access key are not the same as the password. You cannot use the access key ID and secret access key to log in to the console; they can only be used for programmatic access.