Module 10 - Identity and Access Management

Identity and Access Management

Root User

- When you first create an AWS account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account
- This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account

AWS Identity and Access Management (IAM)

With AWS Identity and Access Management (IAM), you can specify who or what can access services and resources in AWS, centrally manage fine-grained permissions, and analyze access to refine permissions across AWS.

Features of IAM

- Shared access to your AWS account
- Granular permissions
- Secure access to AWS resources for applications that run on Amazon EC2
- Multi-factor authentication (MFA)
- Integrated with many AWS services
- Eventually consistent
  - IAM achieves high availability by replicating data across multiple servers within Amazon's data centers around the world
- Free to use

IAM Users

- For greater security and organization, you can give access to your AWS account to specific users—identities that you create with custom permissions
- Instead of sharing your root user credentials with others, you can create individual IAM users within your account that correspond to users in your organization
- IAM users are not separate accounts; they are users within your account
- Each user can have its own password for access to the AWS Management Console

IAM User Groups

- An IAM group is a collection of IAM users
- You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users
- For example, you could have a group called Admins and give that group the types of permissions that administrators typically need
- Any user in that group automatically has the permissions that are assigned to the group
- A group is simply a way to attach policies to multiple users at one time

IAM Roles

- An IAM role is an IAM identity that you can create in your account that has specific permissions
- An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it
- You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources
- For example, you might want to grant users in your AWS account access to resources they don't usually have, or grant users in one AWS account access to resources in another account

IAM Policies

- You manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources
- A policy is an object in AWS that, when associated with an identity or resource, defines their permissions
- AWS evaluates these policies when an IAM principal (user or role) makes a request
- Permissions in the policies determine whether the request is allowed or denied
- Most policies are stored in AWS as JSON documents
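As an added example (not part of the module's slides or of any AWS code), the following Python model shows how the identity-based policies attached to users, groups and roles combine when a request is evaluated: an explicit Deny in any applicable statement wins, otherwise any Allow grants the request, otherwise the request is implicitly denied. It also shows why a role can grant a user access the user does not usually have, since only the role's own policies apply to the assumed session. The policy documents, the user, group and role names, and the `trusted_principals` list standing in for a role's trust policy are all constructed for illustration; real IAM evaluation has further inputs (resource policies, service control policies, permission boundaries, conditions) that this model leaves out.

```python
import fnmatch
import json

# Constructed sample policy documents in the JSON form IAM uses (not from any real account).
READ_ONLY_S3 = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}
  ]
}""")

DENY_PROD_BUCKET = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::prod-data/*"}
  ]
}""")

ADMIN = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}""")

# Constructed directory: groups carry policies; users carry inline policies plus group memberships.
GROUPS = {"Admins": [ADMIN], "Analysts": [READ_ONLY_S3]}
USERS = {
    "alice": {"groups": ["Admins"], "policies": []},
    "bob": {"groups": ["Analysts"], "policies": [DENY_PROD_BUCKET]},
}
# Constructed role: 'trusted_principals' stands in for the trust policy (who may assume the role);
# 'policies' are the permission policies that apply to the assumed session.
ROLES = {
    "ProdReader": {"trusted_principals": ["bob"], "policies": [READ_ONLY_S3]},
}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """Action names are case-insensitive; '*' and '?' wildcards apply to actions and resources."""
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def evaluate(policies, action, resource):
    """Apply the evaluation order: explicit Deny wins, then any Allow, else implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            action_hit = any(_matches(a, action) for a in _as_list(stmt["Action"]))
            resource_hit = any(_matches(r, resource) for r in _as_list(stmt["Resource"]))
            if action_hit and resource_hit:
                if stmt["Effect"] == "Deny":
                    return "Deny"  # an explicit deny ends evaluation regardless of any Allow
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def user_policies(username):
    """Collect the user's inline policies plus every policy of every group the user belongs to."""
    user = USERS[username]
    policies = list(user["policies"])
    for group in user["groups"]:
        policies.extend(GROUPS[group])  # group membership grants the group's policies
    return policies


def user_can(username, action, resource):
    return evaluate(user_policies(username), action, resource)


def assume_role(username, role_name):
    """Return the role's permission policies if the trust policy admits the caller, else None."""
    role = ROLES[role_name]
    if username not in role["trusted_principals"]:
        return None
    return role["policies"]


def via_role_can(username, role_name, action, resource):
    """Evaluate a request made with an assumed role: only the role's policies apply to the session."""
    policies = assume_role(username, role_name)
    if policies is None:
        return "AssumeRoleDenied"
    return evaluate(policies, action, resource)


if __name__ == "__main__":
    print(user_can("bob", "s3:GetObject", "arn:aws:s3:::prod-data/q1.csv"))      # Deny
    print(via_role_can("bob", "ProdReader", "s3:GetObject", "arn:aws:s3:::prod-data/q1.csv"))  # Allow
```

Bob's own policies deny him the prod bucket, yet assuming ProdReader lets him read it, because the session carries the role's policies rather than his own; alice, who is not in the role's trust list, cannot assume it at all even though she is an administrator in her own right.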

Access keys and Secret keys

- Access keys are long-term credentials for an IAM user or the AWS account root user
- Can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK)
- Access keys consist of two parts
  - An access key ID (for example, AKIAIOSFODNN7EXAMPLE)
  - A secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)

Like a user name and password, you must use both the access key ID and secret access key together to authenticate your requests.
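To show what "signing programmatic requests" means, here is an added Python example (not from the module or from the AWS SDK) that derives the AWS Signature Version 4 signing key from a secret access key and produces the Authorization header for a simple GET request. It uses the slide's documented example key pair, which is not a live credential, and a constructed request to the IAM endpoint. The point to notice is that the access key ID travels in the header in the clear while the secret access key never leaves the client: only an HMAC signature computed from it does, which is why the secret must be protected as a password would be.

```python
import hashlib
import hmac

# The slide's documented example key pair (not a live credential).
ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret: str, date_stamp: str, region: str, service: str) -> bytes:
    """Derive the per-day, per-region, per-service signing key (the SigV4 key chain)."""
    k_date = _hmac_sha256(("AWS4" + secret).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def sign_request(method, host, path, query, amz_date, region, service, payload=b"",
                 access_key=ACCESS_KEY_ID, secret=SECRET_ACCESS_KEY):
    """Build the canonical request, the string to sign and the Authorization header.

    amz_date is an ISO 8601 basic timestamp such as 20150830T123600Z; the canonical
    request here signs only the host and x-amz-date headers, which is enough for a GET.
    """
    date_stamp = amz_date[:8]
    payload_hash = hashlib.sha256(payload).hexdigest()
    canonical_headers = f"host:{host}\nx-amz-date:{amz_date}\n"
    signed_headers = "host;x-amz-date"
    # Canonical request: method, URI, query string, headers block, signed header list, payload hash.
    canonical_request = "\n".join(
        [method, path, query, canonical_headers, signed_headers, payload_hash])
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(signing_key(secret, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    authorization = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                     f"SignedHeaders={signed_headers}, Signature={signature}")
    return {"x-amz-date": amz_date, "Authorization": authorization,
            "signature": signature, "payload_hash": payload_hash}


if __name__ == "__main__":
    # Constructed request: list IAM users, as an SDK or the CLI would send it.
    headers = sign_request("GET", "iam.amazonaws.com", "/",
                           "Action=ListUsers&Version=2010-05-08",
                           "20150830T123600Z", "us-east-1", "iam")
    print(headers["Authorization"])
```

The signing key is tied to the date, region and service in the credential scope, so a captured signature cannot be replayed against another service or on another day; rotating the long-term secret changes every derived key at once.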

AWS Organizations

- Account management service
- Consolidate multiple AWS accounts into an organization that you create and centrally manage
- Account management and consolidated billing capabilities
- Can create accounts in your organization and invite existing accounts to join the organization
- Integration with other AWS services

1. What is IAM used for?
2. Define the following
   • IAM User
   • IAM Group
   • IAM Policy
   • IAM Role
3. Define AWS Organizations
4. What is MFA (Multi-Factor Authentication)?
