What is IAM?
Essentially, IAM allows you to manage users and their level of access to the AWS Console. It is important to understand IAM and how it works, both for the exam and for administering a company's AWS account in real life.
What does IAM give you?
- Centralised control of your AWS account
- Shared Access to your AWS account
- Granular Permissions
- Identity Federation (including Active Directory, Facebook, LinkedIn, etc.)
- Multifactor Authentication
- Provide temporary access for users, devices and services where necessary
- Allows you to set up your own password rotation policy
- Integrates with many different AWS services
- Supports PCI DSS Compliance
Critical Terms:
- Users - End Users (think people)
- Groups - A collection of users under one set of permissions.
- Roles - You create roles and can then assign them to AWS resources.
- Policies - A document that defines one (or more) permissions.
LAB:
Create Groups: An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group.
- SG_SYSTEM_ADMIN
- SG_S3_RW
- SG_S3_R
Create User:
- SANDEEP - SG_SYSTEM_ADMIN
- PAWAN - SG_S3_RW
- POONAM - SG_S3_RW
- ISHAN - SG_S3_RW
- HIMANSHU - SG_S3_R
- JITENDER - SG_S3_R
Create Roles: a way to allow one AWS service to interact with another AWS service.
S3-ADMIN-ACCESS
Policy / Permissions:
Permissions can be attached to an individual user or to a group.
- AmazonGlacierReadOnlyAccess - AWS Managed Policy
- IAMUserChangePassword - AWS Managed Policy
- AmazonS3ReadOnlyAccess - AWS Managed Policy from group HR
IAM Consists of the below:
- Users
- Groups (A way to group our users and apply policies to them collectively)
- Roles
- Policy Documents (json doc)
- IAM is universal (global). It is not scoped to regions at this time.
- The root account is simply the account created when you first set up your AWS account. It has complete Admin access.
- New users have NO permissions when first created.
- New users are assigned an Access Key ID & Secret Access Key when first created. You can use these to access AWS via the APIs and command line.
- You only get to view these once. If you lose them, you have to regenerate them, so save them in a secure location.
- Always set up Multifactor Authentication on your root account.
- You can create and customise your own password rotation policies.
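The lab above (groups SG_SYSTEM_ADMIN, SG_S3_RW and SG_S3_R, the six users, the S3-ADMIN-ACCESS role and the managed policies) and the rules in the list just above (new users start with no permissions, groups apply policies collectively, policies are JSON documents, roles let one service act on another) can be tried out in a small model of how IAM reaches an allow/deny decision. The following is an added example written for these notes; it is not AWS code and not the page author's. The policy bodies are constructed approximations of what the named policies grant (those suffixed -lab are hypothetical), the trust policy for S3-ADMIN-ACCESS assumes EC2 is the trusted service, and the account id 123456789012 is a placeholder.

```python
"""Toy model of IAM's allow/deny decision over users, groups, roles and
policy documents. Added example for these notes, not AWS code. Policy bodies
are constructed approximations of the named policies; names ending in -lab
are hypothetical."""
import fnmatch

# Policy documents in the shape of an IAM JSON policy document.
POLICIES = {
    "AdministratorAccess-lab": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "S3FullAccess-lab": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]},
    "DenyBucketDelete-lab": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]},
    "AmazonS3ReadOnlyAccess": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]},
    # Policy variable ${aws:username}: a user may only change their own password.
    "IAMUserChangePassword": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iam:ChangePassword",
         "Resource": "arn:aws:iam::*:user/${aws:username}"}]},
}
# The lab's groups and the policies attached to each group.
GROUP_POLICIES = {
    "SG_SYSTEM_ADMIN": ["AdministratorAccess-lab"],
    "SG_S3_RW": ["S3FullAccess-lab", "DenyBucketDelete-lab"],
    "SG_S3_R": ["AmazonS3ReadOnlyAccess"],
}
# The lab's users and their groups. NEWUSER is a constructed, freshly created
# user: no groups and nothing attached directly.
USER_GROUPS = {
    "SANDEEP": ["SG_SYSTEM_ADMIN"], "PAWAN": ["SG_S3_RW"], "POONAM": ["SG_S3_RW"],
    "ISHAN": ["SG_S3_RW"], "HIMANSHU": ["SG_S3_R"], "JITENDER": ["SG_S3_R"],
    "NEWUSER": [],
}
# Policies attached to an individual user rather than to a group.
USER_POLICIES = {"HIMANSHU": ["IAMUserChangePassword"]}
# A role: a trust policy naming the service allowed to assume it, plus the
# permission policies the service gets once it has assumed the role.
ROLES = {"S3-ADMIN-ACCESS": {
    "TrustPolicy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
         "Action": "sts:AssumeRole"}]},
    "Policies": ["S3FullAccess-lab"],
}}


def _as_list(value):
    """IAM accepts a single string or a list in Action/Resource/Principal."""
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource, user):
    """Does the statement's Action and Resource cover the request? Actions
    match case-insensitively, ARNs case-sensitively; fnmatch's * behaves like
    the IAM wildcard (matches any run of characters, including / and :)."""
    action_ok = any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                    for pat in _as_list(stmt["Action"]))
    resource_ok = any(fnmatch.fnmatchcase(resource, pat.replace("${aws:username}", user))
                      for pat in _as_list(stmt["Resource"]))
    return action_ok and resource_ok


def evaluate(policy_names, action, resource, user=""):
    """Default deny. An explicit Deny in any matching statement wins over any
    Allow, no matter which policy was attached first."""
    allowed = False
    for name in policy_names:
        for stmt in POLICIES[name]["Statement"]:
            if _statement_matches(stmt, action, resource, user):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


def effective_policies(user):
    """Directly attached policies plus every policy of every group the user is
    in. A new user in no group gets an empty list, i.e. no permissions."""
    names = list(USER_POLICIES.get(user, []))
    for group in USER_GROUPS.get(user, []):
        names.extend(GROUP_POLICIES[group])
    return names


def is_allowed(user, action, resource):
    return evaluate(effective_policies(user), action, resource, user)


def can_assume(service, role_name):
    """Trust policy check: may this AWS service principal assume the role?"""
    for stmt in ROLES[role_name]["TrustPolicy"]["Statement"]:
        services = _as_list(stmt["Principal"].get("Service", []))
        if (stmt["Effect"] == "Allow" and service in services
                and "sts:AssumeRole" in _as_list(stmt["Action"])):
            return True
    return False


def role_allows(role_name, action, resource):
    """Once assumed, the role's own policies decide what the service may do."""
    return evaluate(ROLES[role_name]["Policies"], action, resource)


if __name__ == "__main__":
    obj = "arn:aws:s3:::lab-bucket/report.csv"  # constructed resource ARN
    for who in ["NEWUSER", "JITENDER", "PAWAN", "SANDEEP"]:
        print(who, "GetObject:", is_allowed(who, "s3:GetObject", obj),
              "DeleteBucket:", is_allowed(who, "s3:DeleteBucket", "arn:aws:s3:::lab-bucket"))
    print("ec2 may assume S3-ADMIN-ACCESS:", can_assume("ec2.amazonaws.com", "S3-ADMIN-ACCESS"))
```

Running it shows the points the notes make: NEWUSER can do nothing, the SG_S3_R members can read but not write, the SG_S3_RW members can write but the explicit Deny blocks bucket deletion even though S3FullAccess-lab would allow it, SANDEEP's admin group allows everything, and only the service named in the trust policy can assume the role.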