IAM Features
P
Granting specific resource permission with having to give admin password or access key.
S
Different, granular permissions can be specified. Safe creditians and permission for application to access other AWS resources such as S3 Bucket, Dynamo DB tables.
P
How to secure account from leak, risk of hacking
S
MFA(Multi-factor Authentication) can be used for extrac security. Also support for FIDO (fast identity online) Security.
CloudTrail can log info. about requests for resources in account - based on IAM identity.
P
Access of IAM from different platform/services
S
IAM can be accessed through console, CLI, SDK, and HTTPS API
Understanding how IAM works
P
Lack of understanding when using IAM Resources, identities
S
- Know that user, group, role, policy, ID provider objects are stored in IAM resources.
- IAM identities are IAM resource objects used to identify and group and attach policies. Identities can be separated into users, groups, and roles
- IAM entities resource object that use AWS for AUTH. IAM users and roles. \
- Principals Person or application that uses AWS account root user, an IAM user, or an IAM role to sign in and make request to AWS.
Source
https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html
기술블로거입니다