Identity Access Management (IAM)

Identity Access Management

  • Global - no need to specify a region
  • Once created, this is applicable GLOBALLY.

3 ways to access AWS

  1. Console
  2. Programmatically (aws-cli)
  3. SDK

Root Account

  • The email address used to set up the AWS account
  • Has full administrator access
  • Secure it with Multi-Factor Authentication
  • Create a separate user for each individual in your organisation

Group

  • A container for your users
  • Policies can be applied to a group
  • All members of that group get the same access

IAM Best Practices

Root Account

  • Do not use for login
  • Create a “working account”

MFA

  • Always enable

Users

  • One user = One real human being

User/Groups/Policies

  • Always place users in groups.
  • Apply policies to groups.

Password Policies

  • Have a strong password rotation policy

Access Keys

  • Use access keys for programmatic access

Roles

  • Use roles to access other AWS services.

IAM Credential Report

  • Use IAM credential reports to audit the permissions of your users/accounts.
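The following is an added example, not part of the original notes, showing how the best practices above (MFA on every console user, no root access keys, password and access-key rotation) can be checked automatically against an IAM credential report. The CSV is a constructed sample using a subset of the real report's column names; the 90-day threshold is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the credential report's CSV layout (subset of its columns).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-05-01T00:00:00+00:00
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T00:00:00+00:00,true,2024-04-15T00:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-01T00:00:00+00:00
bob,arn:aws:iam::123456789012:user/bob,2021-03-01T00:00:00+00:00,true,2023-01-10T00:00:00+00:00,false,true,2022-06-01T00:00:00+00:00,N/A
"""

MAX_AGE = timedelta(days=90)  # assumed rotation policy

def _parse(ts):
    # Timestamps are ISO 8601; "N/A", "not_supported", "no_information" mean none.
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None

def audit_credential_report(report_csv, now):
    """Return (user, issue) pairs for every best-practice violation found."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            if row["access_key_1_active"] == "true":
                findings.append((user, "root account has an active access key"))
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            continue
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console user without MFA"))
        changed = _parse(row["password_last_changed"])
        if changed and now - changed > MAX_AGE:
            findings.append((user, "password older than 90 days"))
        if row["access_key_1_active"] == "true":
            rotated = _parse(row["access_key_1_last_rotated"])
            if rotated and now - rotated > MAX_AGE:
                findings.append((user, "access key 1 older than 90 days"))
            if _parse(row["access_key_1_last_used_date"]) is None:
                findings.append((user, "access key 1 active but never used"))
    return findings

if __name__ == "__main__":
    for user, issue in audit_credential_report(SAMPLE_REPORT, datetime(2024, 5, 10, tzinfo=timezone.utc)):
        print(f"{user}: {issue}")
```

A real report is fetched with `aws iam generate-credential-report` followed by `aws iam get-credential-report` and is base64-encoded CSV.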
