AWS IAM Guide


AWS IAM Full Guide
Identity & Access Management

What is IAM?
In the vast landscape of AWS, think of IAM as your security maestro directing who gets to access what. It's like having a backstage manager, ensuring only the authorized crew can tweak the settings.

Rajan Kafle DevOps Engineer


IAM: Users
- Individuals within your organization.
- Can exist independently without belonging to any group.
- Have the flexibility to belong to multiple groups if needed.

IAM: Groups
- Containers that exclusively hold users, not other groups.
- Serve as a way to organize and manage sets of users.
- Users can be easily grouped together based on shared responsibilities.

IAM: Users & Groups Diagram

IAM: Permissions
- Users or groups can be assigned JSON documents known as policies.
- Policies define the permissions granted to users or groups.
- Follow the AWS least privilege principle.

IAM: Sample JSON Policy
IAM: Policies Inheritance Diagram

IAM: Multi-Factor Authentication (MFA)
- Users with AWS access can possibly change configurations or delete resources.
- To protect the root account and IAM users, MFA is used.
- MFA = password + own device.
- Even if the password is stolen, the account stays secure.

IAM: MFA Device Options
- Google Authenticator or Authy
- YubiKey by Yubico
- Hardware key fob MFA device by Gemalto

IAM Roles for Services
- Some AWS services might need to perform actions on our behalf.
- To do so, permissions are assigned to AWS services with IAM roles.
- Examples: EC2 instance role, Lambda function role, etc.

IAM Best Practices
- Never use the root account except for account setup.
- Assign every physical user a separate IAM account.
- Assign users to groups and provide permissions to groups.

IAM Best Practices (cont.)
- Utilize roles to grant permissions to AWS services efficiently.
- Use MFA for an extra layer of security.
- Use access keys for programmatic access (CLI / SDK).

IAM Best Practices (cont.)
- Audit permissions using the IAM Credentials Report & IAM Access Advisor.
- Never share IAM users & access keys.
- Periodically review and align permissions with least privilege.


Thank You For Reading
