IAM service

• Global – IAM is a global, not region specific
• User – A user is a unique identity recognized by AWS services and applications
• Group – A group is a collection of IAM users
• Roles – To perform a task. Role is an IAM entity with permissions for making AWS service requests. IAM roles are not associated with a specific user or group. User and services assume a role to carry out a task
• Policy – Permission document in json format
• MFA – Multi-factor authentication
• Tasks that only roots user can perform. Root user only tasks
• 5 Security status check
  • Delete your root access keys
  • Activate MFA on your root account
  • Create individual IAM users
  • Use groups to assign permissions
  • Apply an IAM password policy
• STS – (Security token) Temporary security credentials valid for a specified duration and for a specific set of permissions
• STS APIs to be aware of GetFederationToken, AssumeRole, AssumeRoleWithSAML or AssumeRoleWithWebIdentity
• Federated user – Managed outside AWS
  • Enterprise identity federation, SAML assertion. Workflow
  • Web identity federation (Google, Facebook etc.)
  • Can use Cognito service to manage web and mobile logins

Home | IAM | S3 |CloudFront | SQS | EC2 | RDS | Route53