AWS IAM
Posted on 2021-04-12
IAM - Identity & Access Management
- The whole of AWS security is defined here:
  - Users
  - Groups
  - Roles
- Root account should never be used
- Users are physical persons, roles are machines
- One IAM USER per physical person
- One IAM ROLE per application
- IAM Federation
  - Big enterprises usually integrate their own repository of users with IAM
  - These users can log in to AWS using their company credentials
  - Identity Federation uses the SAML standard (Active Directory)
- Policies are written in JSON
- Policies define what Users, Groups and Roles can or cannot do