AWS Security Model

AWS IAM Users & Groups


  • IAM - Identity and Access Management, a global service 
  • The root account is created by default and should not be used or shared.
  • Users are people within your organization and can be grouped
  • Groups only contain users, not other groups 
  • Users can belong to multiple groups 


IAM Permissions: 

  • Users or groups can be assigned JSON documents called policies.
  • These policies define the permissions of the users 
  • In AWS you apply the least privilege principle 
    • Don't give more permissions than a user needs

IAM Policies Structure 


Consist of 

  • Version
    • Policy language version; always include "2012-10-17"
  • Id
    • Identifier for the policy (optional)
  • Statement
    • One or more individual statements (required) 

Statements consist of 

  • Sid
    • An identifier for the statement (optional)
  • Effect
    • Whether the statement allows or denies access
  • Principal
    • The account, user, or role to which this policy applies 
  • Action
    • List of actions this policy allows or denies
  • Resource
    • List of resources to which the actions apply 
  • Condition
    • Conditions for when the policy is in effect 
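As an added example (not part of the original notes), a small Python checker that walks the policy structure described above and reports a statement that grants Allow on Action "*" over Resource "*", the opposite of least privilege. The sample policy and its bucket name are constructed for illustration.

```python
import json

# Constructed sample policy: one tightly scoped statement and one over-broad one.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "example-s3-read-only",
    "Statement": [
        {
            "Sid": "AllowReadOnBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "true"}},
        },
        {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})


def _as_list(value):
    """Action, Resource and Statement may be a single value or a list."""
    return value if isinstance(value, list) else [value]


def check_policy(policy_json):
    """Return a list of findings; an empty list means well-formed and not over-broad."""
    policy = json.loads(policy_json)
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version must be 2012-10-17")
    statements = _as_list(policy.get("Statement", []))
    if not statements:
        findings.append("Statement must contain at least one statement")
    for i, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"statement#{i}")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{sid}: Effect must be Allow or Deny")
        # Each statement needs an Action (or NotAction) and a Resource (or NotResource)
        if "Action" not in stmt and "NotAction" not in stmt:
            findings.append(f"{sid}: missing Action")
        if "Resource" not in stmt and "NotResource" not in stmt:
            findings.append(f"{sid}: missing Resource")
        # Least privilege check: Allow on every action over every resource
        if (stmt.get("Effect") == "Allow"
                and "*" in _as_list(stmt.get("Action", []))
                and "*" in _as_list(stmt.get("Resource", []))):
            findings.append(f"{sid}: Allow with Action '*' on Resource '*' "
                            "violates least privilege")
    return findings
```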
