Sunday, July 14, 2019

IAM - Identity Access Management

What does IAM give you?
-Centralized control of your AWS account.
-Shared access to your account.
-Granular permissions: different levels of access for different users.
-Identity federation (including AD, Facebook, LinkedIn, etc.)
-Multi-factor authentication (MFA)
-Provides temporary access for users/devices and services, as necessary, within your account, such as access to a database.
-Allows you to set up your own password rotation policy.
-Integrates with many different AWS services.
-Supports PCI DSS Compliance

Critical terms:
-Users: end users.
-Groups: a collection of users under one set of permissions, such as a DB team, marketing team, etc.
-Roles: you create them and then assign them to AWS resources. A role defines a set of permissions (for example, S3 bucket access) that can be used by a user or by an EC2 instance that will query a DB or access files.
-Policies: a document (in JSON format) that defines one or more permissions and can be assigned to a user, group, or role.

US East (N. Virginia) region: the place where new services are started first.
IAM is common to all regions; it is not region-specific like other resources.

Services menu - Security, Identity & Compliance section - IAM (Identity Access Management)
The dashboard shows the personal link for accessing the console, which we can change/customize.
Here we can activate MFA (with either a virtual or a physical device), create new IAM users, use groups to assign permissions, and apply a password policy.

When the user is created, the final page shows the access key and secret access key (for programmatic access) and the password. These details can't be retrieved again; we can only generate a new key later. So we need to save/download them (as a .csv file) on this page.




