What is AWS IAM?
IAM stands for Identity Access Management. IAM allows you to manage users and their level of access to the AWS console
What are the key features of IAM?
- Centralised control of your AWS account
- Shared Access to your AWS account
- Granular Permissions
- Identity Federation (i.e. Active Directory, Facebook, LinkedIn, etc.)
- Multi-factor authentication (Highly recommended best practice)
- Temporary access for users/devices and services when necessary
- Custom Password rotation policy
- Integration w/ many AWS services
- Supports PCI DSS compliance
What are Users and Groups? What is the key relationship between them?
- Users are end users (people, employees of an organization, etc.)
- Groups are collections of Users.
- Each user in a group inherits the permissions of the group.
What are IAM Policies?
AWS IAM Policies comprises policy documents, which are JSON documents that give permissions to a user, group, or role.
What is an IAM Role, and what is its purpose in AWS?
An AWS IAM Role is a custom “label” assigned to an AWS resource. It allows one AWS service of AWS to do something with another AWS service.
What permissions does an IAM user have when first created?
A new user has NO permissions when first created (Remember the “least privileges” principle)