IAM (Identity and Access Management)
• It manages users, groups, roles and policies, and the policies are attached to AWS services and identities.
• IAM is global; it is not restricted to any region.
• The account you sign up with is the root account.
• You can define multiple users and attach them to a group; the group itself is also user-defined.
o A group is a way to collect users so that a policy and/or role can be applied to all of them at once.
o Permissions can be assigned to a user either by adding the user to a group or by attaching a policy directly.
o An Access Key ID and Secret Access Key are used to access AWS programmatically.
o A user name and password are used to log in to the AWS Management Console.
o New users have no permissions when created.
o Power User Access: provides full access to AWS services and resources, but does not allow management of users and groups.
o Groups and roles both contain policies, but a group is associated with users while a role is associated with an AWS service.
o Custom policies can also be defined.
• To avoid misuse, enable Multi-Factor Authentication (MFA) on your root account.
• A role is a way to group policies.
• A policy is a permission definition.
• Policy documents are JSON.
• IAM allows a password rotation policy to be set.
• Through PuTTY or the AWS CLI you can log in with a user name (the one you created here) using the configure command, but this option creates a file that stores the credentials in ~/.aws/credentials:
o aws_access_key_id
o aws_secret_access_key
• Roles are more secure than an access key ID and secret access key.
• Roles are easier to manage.
• Roles can be assigned even after the resource has been provisioned.
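The notes above say that a policy is a JSON permission definition, that new users start with no permissions, and that Power User Access grants everything except IAM management. The following Python script is an added example (not from the original notes or from AWS) that shows how those rules play out: it evaluates constructed identity-based policy documents against an action and resource using the IAM decision order of explicit Deny, then Allow, then implicit Deny. The policy documents, bucket names and ARNs are constructed for the example; the "power user" document is modelled on the shape of the AWS managed policy but is not a verbatim copy.

```python
"""Minimal evaluator for IAM identity-based policy documents (added example).

Implements the core IAM decision logic:
  1. an explicit Deny in any matching statement wins,
  2. otherwise any matching Allow grants access,
  3. otherwise the request is implicitly denied (a new user with no policy).
Only Action/NotAction and Resource/NotResource are handled; Condition keys are out of scope.
"""
import json
from fnmatch import fnmatchcase

# Constructed policy resembling Power User Access: everything except IAM-style services.
POWER_USER_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "NotAction": ["iam:*", "organizations:*", "account:*"],
     "Resource": "*"}
  ]
}
""")

# Constructed custom policy: full S3 access to one bucket, but deletes are explicitly denied.
APP_BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::app-bucket/*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::app-bucket/*"}
  ]
}
""")


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, value, case_insensitive=False):
    """IAM wildcard matching: '*' and '?' work like shell globs (fnmatch also treats
    '[...]' specially, which real ARNs and action names essentially never contain)."""
    if case_insensitive:
        return any(fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatchcase(value, p) for p in patterns)


def statement_applies(stmt, action, resource):
    """True if the statement's Action/NotAction and Resource/NotResource cover the request."""
    if "Action" in stmt:
        if not _matches(_as_list(stmt["Action"]), action, case_insensitive=True):
            return False
    elif "NotAction" in stmt:
        # NotAction statements apply to every action EXCEPT the listed ones.
        if _matches(_as_list(stmt["NotAction"]), action, case_insensitive=True):
            return False
    if "Resource" in stmt:
        if not _matches(_as_list(stmt["Resource"]), resource):
            return False
    elif "NotResource" in stmt:
        if _matches(_as_list(stmt["NotResource"]), resource):
            return False
    return True


def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for the request
    across all policies attached to the identity (directly or via a group)."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt.get("Effect") == "Deny":
                return "ExplicitDeny"  # a matching Deny overrides any Allow
            decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = "arn:aws:s3:::app-bucket/report.csv"
    print("new user, no policy  :", evaluate([], "s3:GetObject", obj))
    print("power user, s3 read  :", evaluate([POWER_USER_POLICY], "s3:GetObject", obj))
    print("power user, iam user :", evaluate([POWER_USER_POLICY], "iam:CreateUser", "*"))
    print("power user + custom, delete:",
          evaluate([POWER_USER_POLICY, APP_BUCKET_POLICY], "s3:DeleteObject", obj))
```

Running the script shows the three outcomes side by side: an identity with no policy attached gets ImplicitDeny (why a freshly created user can do nothing), the power-user document allows S3 but not iam:CreateUser, and attaching the custom bucket policy alongside it turns s3:DeleteObject into ExplicitDeny even though the power-user statement would otherwise allow it.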
Cognito
• It helps restrict access to the given AWS services.
Guard Duty
• It monitors for malicious activity in your AWS account.
Inspector
• Through this you can run a set of test cases to find vulnerabilities.
Macie
• It scans S3 buckets and reports whether they contain personal information such as card numbers or mobile numbers.
Certificate Manager
• By default, AWS provides an SSL certificate with domain registration.
Cloud HSM
• It is used to store keys, such as public or private keys.
Directory Service
• It integrates with Microsoft directory services.