AWS - IAM

2020. 1. 31. 22:01 Study/AWS Study

IAM is a global service, so it doesn't require a region.

 

Concretely, IAM means users, groups, and roles

 

It will be used the very first time

It must be created with proper permissions

IAM is at the center of AWS

Policies are written in JSON

 

Users -> Usually a physical person

Groups -> contain users; organized by function (admins, devops) or team (engineering, design)

Roles -> internal usage within AWS resources

IAM has a global view

Permissions are governed by Policies (JSON)

MFA (Multi-Factor Authentication) can be set up (multiple clients)

IAM has predefined "managed policies"

It's best to give users the minimal amount of permissions they need to perform their job (least privilege principle)

 

One IAM User per PHYSICAL PERSON

One IAM Role per Application

IAM credentials should NEVER BE SHARED

Never, ever, ever, ever, write IAM credentials in code. EVER

Never commit your IAM credentials

Never use the ROOT account except for initial setup

Never use ROOT IAM Credentials

 
