- To create a Role for EC2, choose AWS Service as the Entity Type
- Choose EC2 as the Use Case
- Add a permission that allows reading my IAM
- Enter the Role name. Below it you can see that the policy has been created.
- Then click Create Role and you are done!
- IAM Credentials Report (account-level)
- IAM Access Advisor (user-level)
- Shows the permissions granted and the time they were last accessed => use this when revising policies
Rules to follow
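The rules below (no root usage beyond setup, MFA, no shared or stale access keys) can be checked against the IAM Credentials Report mentioned above. This is an added example, not part of the original notes: it audits a constructed CSV that uses a subset of the real report's column names (the real report comes base64-encoded from `aws iam get-credential-report`); the 90-day key age limit and the fixed "today" date are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows in the column layout of an IAM credential report
# (only the columns the audit needs; a real report has more).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-01-05T10:00:00+00:00,true,true,2020-01-01T00:00:00+00:00,N/A,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T00:00:00+00:00,true,2024-01-04T09:00:00+00:00,true,true,2023-12-01T00:00:00+00:00,2024-01-04T09:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-03-01T00:00:00+00:00,true,2023-06-01T00:00:00+00:00,false,true,2022-01-01T00:00:00+00:00,2022-06-01T00:00:00+00:00,false,N/A,N/A
"""

NOW = datetime(2024, 1, 6, tzinfo=timezone.utc)  # assumed fixed "today" so results are reproducible
MAX_KEY_AGE = timedelta(days=90)                   # assumed rotation policy


def _parse(ts: str):
    """Credential reports use N/A / no_information / not_supported for missing timestamps."""
    return None if ts in ("N/A", "no_information", "not_supported", "") else datetime.fromisoformat(ts)


def audit_credential_report(report_csv: str, now: datetime = NOW) -> dict:
    """Return {user: [findings]} for rows that violate the IAM rules in the notes."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        issues = []
        if user == "<root_account>":
            # Root should only be used for account setup: an active key on root is a finding.
            if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
                issues.append("root has an active access key")
        elif row["password_enabled"] == "true" and row["mfa_active"] != "true":
            # Console users must have MFA enforced.
            issues.append("console user without MFA")
        for n in ("1", "2"):
            # Long-lived keys are the ones most likely to leak or be shared; flag old ones.
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _parse(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > MAX_KEY_AGE:
                issues.append(f"access key {n} older than {MAX_KEY_AGE.days} days")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_credential_report(SAMPLE_REPORT).items():
        print(user, "->", "; ".join(issues))
```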
- Don’t use the root account except for AWS account setup
- Assign users to groups and assign permissions to groups
- Use and enforce the use of Multi Factor Authentication (MFA)
- Create and use Roles for giving permissions to AWS services
- Never share IAM users & Access Keys
Shared Responsibility Model for IAM
Quiz
Question 3:
Which answer is INCORRECT regarding IAM Users?
=> IAM Users access AWS using a username and a password.
- You only want to use the root account to create your first IAM user, and for a few account and service management tasks. For every day and administration tasks, use an IAM user with permissions.
IAM Section – Summary
• Users: mapped to a physical user, has a password for AWS Console
• Groups: contains users only
• Policies: JSON document that outlines permissions for users or groups
• Roles: for EC2 instances or AWS services
• Security: MFA + Password Policy
• AWS CLI: manage your AWS services using the command-line
• AWS SDK: manage your AWS services using a programming language
• Access Keys: access AWS using the CLI or SDK
• Audit: IAM Credential Reports & IAM Access Advisor