IAM (Identity and Access Management)
- Manages access to AWS resources for users and other identities.
IAM Core Components
Use case
- Generally, you mix and match these components.
Policy Types
Managed vs. Customer Managed vs. Inline Policies
- Managed Policies
- AWS-managed policies that cover the permissions you most commonly need, e.g. AmazonEC2FullAccess.
- Customer Managed Policies
- Inline Policies
- you can't apply them to more than one identity or resource.
Policies
- Version
- the policy language version. If this changed, all the rules below could change too, so it changes very rarely, and if it did change it would probably be a minor change.
- Statement
- normally an array holding multiple statements. If you don't want multiple statements, just drop the square brackets and put a single statement element there.
- Sid
- statement identifier
- Effect
- can be either Allow or Deny.
- Action
- the actual actions the policy will allow or deny. With Effect: Deny it becomes a deny policy, e.g. denying all access to S3 for a specific user (the Principal).
- Principal
- a conditional field; only present in some policies.
Password Policy
Programmatic Access Keys
When you create a user, you say whether it's allowed programmatic access. If it is, IAM creates an access key for you, which is an access key ID plus a secret access key.
As soon as we add a second one, the grey button for creating an access key vanishes. If we want another, we first have to remove one of the existing keys.
MFA(Multi-factor Authentication)
There's a caveat: the user has to be the one that turns it on, because enabling it means connecting it to a device, and the administrator doesn't have the user's device.
An administrator can, however, restrict access to resources to only those people who are using MFA. So you can't force MFA onto the user account itself, but you can definitely restrict API calls to MFA-authenticated callers.
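To tie the policy structure above (Version, a Statement array, Sid, Effect, Action) to the MFA restriction just described, here is an added example, not code from the post or the video: a small evaluator that applies the identity-policy rules (default deny, explicit Allow grants, explicit Deny always wins) to a constructed policy document whose EC2 statement is conditioned on the `aws:MultiFactorAuthPresent` context key. The wildcard matching with `fnmatch` is a simplification of IAM's real matching; the policy text, Sids and the sample calls are constructed for the example.

```python
import fnmatch
import json

# Constructed example policy (not from the post): the "deny all of S3" statement
# from the notes, plus an EC2 allow that only works for MFA-authenticated callers.
POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DenyAllS3", "Effect": "Deny", "Action": "s3:*", "Resource": "*"},
    {"Sid": "AllowEc2WithMfa", "Effect": "Allow", "Action": ["ec2:Describe*"],
     "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "AllowS3Read", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}
  ]
}"""


def _as_list(value):
    # Statement, Action and Resource may be a single element or an array of them.
    return value if isinstance(value, list) else [value]


def _condition_met(condition, context):
    # Only the Bool operator is modelled; that is enough for the MFA check.
    for key, expected in condition.get("Bool", {}).items():
        if str(context.get(key, "false")).lower() != str(expected).lower():
            return False
    return True


def evaluate(policy_doc, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one action: default deny, an explicit Allow
    grants, and an explicit Deny overrides any Allow."""
    context = context or {}
    policy = json.loads(policy_doc)
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        action_match = any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
        resource_match = any(fnmatch.fnmatchcase(resource, p)
                             for p in _as_list(stmt.get("Resource", "*")))
        if not (action_match and resource_match):
            continue
        if not _condition_met(stmt.get("Condition", {}), context):
            continue  # statement does not apply without MFA (or other condition)
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny wins, even over AllowS3Read
        allowed = True
    return "Allow" if allowed else "Deny"
```

Running `evaluate` with and without `{"aws:MultiFactorAuthPresent": "true"}` in the context shows the EC2 call flipping from Deny to Allow, while S3 stays denied either way.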
Words
vanish : to disappear.
The copyright of all material here belongs to this video: https://www.youtube.com/watch?v=Ia-UEYYR44s
This post is just for studying for the AWS SAA exam.