Skip to content
Gallery
1. AWS Identity and Access Management (IAM)
AWS Identity and Access Management (IAM)
IAM Elements
IAM Authentication Methods
IAM Users
IAM Groups
IAM Roles
IAM Policy
Permission Boundary
IAM Policy Evaluation Logic
IAM Best Practices
Misc
Share
Explore

icon picker
AWS Identity and Access Management (IAM)

image.png

IAM Overview

IAM (AWS Identity and Access Management): Service to securely control individual and group access to AWS resources.
Primary Functions: Manage users, groups, roles, access policies, user credentials, password policies, multi-factor authentication (MFA), and API keys.

Key Features

Centralized Control: Provides centralized control of your AWS account.
Shared Access: Enables shared access to your AWS account.
Secure Access: New users have no access to services by default; permissions must be explicitly granted.
Granular Permissions: Allows assigning specific permissions to users.

Components of an IAM User

Username
Password
Permissions

Security Credentials

Access Keys: For programmatic access (CLI, API).
Passwords: For console access.
MFA Devices: For enhanced security.

Authentication Methods

Console Login: Username, password, and MFA code.
AWS API: Use temporary security credentials with MFA.
AWS CLI: Obtain temporary security credentials from STS.

Multi-Factor Authentication (MFA)

Types of MFA Devices:
Virtual MFA devices.
Universal 2nd Factor (U2F) devices.
Hardware MFA devices.
Usage Best Practices: Enable MFA for all users, especially privileged users.
Authentication Codes: Six-digit, single-use codes generated by MFA devices.

Identity Federation

Federation Options: Integration with AD, Facebook, etc., for secure access without creating IAM users.

IAM Policies

Permissions: Must be explicitly granted for users to access services.
Temporary Security Credentials: AWS access key ID, secret access key, and security token.

Best Practices

Root Account: Use only for billing. Avoid using for other activities.
Power User Access: Allows all permissions except management of groups and users.

IAM Properties

Global Service: IAM is universal and does not apply to regions.
Eventual Consistency: Data is replicated across multiple data centers.

IAM Sign-In

URL Format:
Standard: https://My_AWS_Account_ID.signin.aws.amazon.com/console/
Alternative: https://console.aws.amazon.com/ (enter account ID or alias manually)

Integration and Compliance

Service Integration: Integrates with various AWS services.
Compliance: Supports PCI DSS compliance.

Programmatic Access

AWS SDKs: Recommended for API calls.
IAM Query API: Option for making direct calls to IAM web service.
IAM Overview
Key Features
Components of an IAM User
Security Credentials
Authentication Methods
Multi-Factor Authentication (MFA)
Identity Federation
IAM Policies
Best Practices
IAM Properties
IAM Sign-In
Integration and Compliance
Programmatic Access
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.