What is IAM ? (Identity Access Management)
Basically IAM allows you to manage users and their level of access to the AWS console.
It is important to understand IAM and how it works both for the exam and for administrating a company's AWS account in real life.
Basically You need to understand IAM because IAM allows you to set up users groups permissions and roles and basically allows you to grant access to different parts of the AWS platform.
Key Features of IAM :
- Centralized control of your AWS account
- Shared access to your AWB account
- Granular permissions
- Identity Federation (like Active directory, Facebook, LinkedIn, google etc)
- Multi factor authentication.
- Provides temporary access for users or devices and services where necessary
- Allows you to set up your own password rotation policy
- Integrates with many different AWS services
- It supports PCI DSW compliant so PCI DNS compliance.
Some key terminology for IAM that we need to learn.
• Users :
End users such as people employees of an organisation etc.
• Groups :
• Policies :A collection of users so each user in the group will inherit the permissions of the group. So you might have a group that is able to access S3 and you might have another group that's able to access to another section So long as that user is in that group that user will inherit the permissions of the group.
• Roles :Policies are made up of documents policy documents. These documents are formatted in JSON. They gives you permissions as to what a user group or role is able to do.
you create roles and assign them to AWS resource
Comments
Post a Comment