AWS IAM - Indentity and Access Management

IAM is a region agnostic service since it manages groups, users, roles and policies regardless of their zones.

When you are in the IAM dashboard you'll notice a "IAM users sign-in link" label and next to it a link that seems a bit random, this link is the specific sign-in link for you account and the number in the link is your account number, for branding or to make it easier to remember you can change the display number to something easier to remember by clicking the "Customize" link, for example, here I changed the text to moresoft:


What are IAM roles?

IAM roles are a secure way to grant permissions to entities that you trust. these could be users in another account, an application running in an EC2 instance, an AWS service, users from a corporate directory, etc.
IAM roles issue keys that are valid for short durations, making them a secure way to grant access. An IAM role is an identity that defines a set of permissions for making AWS service requests. IAM roles are not associated with specific users or groups, instead, trusted identities assume roles.

What is a user?

A user is a unique identity recognized by AWS services and applications. A user has a unique name and can identify itself using familiar security credentials such as a password or access key. A user can be an individual, system or application requiring access to AWS services.

What is a group?

A group is a collection of IAM users. Manage group membership as a simple list.:
  • A user can belong to multiple groups.
  • Groups cannot belong to other groups.
  • Groups can be granted permissions using access control policies.
  • Groups do not have security credentials and cannot access web service directly. they exist solely to make it easier to manage user permissions.

Comentarios

Publicar un comentario

Entradas populares de este blog

AWS - Compute Fundamentals

Imagen
Elastic Cloud Compute (EC2) This is the platform that lets you deploy virtual servers within the AWS environment. The following subsections discuss each one of the elements that make EC2. Amazon Machine Images (AMI's) AMI's are templates of pre-configured EC2 instances. An AMI comprises an operating system, applications and custom configuration. When configuring an EC2 instance selecting your AMI is the first choice you need to make, Amazon offers a lot of AMI configurations but you can also create your own AMIs and reuse them to start you EC2 instances. To create an AMI instance you start with one of the existing Amazon AMIs (you can select one of the AMIs offered directly by Amazon or pick one from the AMI Marketplace ) and create an EC2 instance from it, then you proceed to install your custom applications and configuration to end with a customized EC2 instance which now you can save as an AMI template. You can also create your own AMI from scratch, instead of...
Leer más

AWS - Application Services

Simple Queue Service (SQS) Amazon SQS is a web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them. Amazon SQS is a distributed queue service that enables web service applications to quickly and reliably queue messages that one component in the application generates and another consumes. A queue is a temporary repository for messages that are awaiting processing. Messages can contain up to 256KB of text in any format. There are two types of queues: Standard queues (default): Lets you have nearly unlimited number of transactions per second. Standard queues guarantee that a message is delivered at least once. However, occasionally (because of the highly distributed architecture that allows high throughput), more than once copy of a message might be delivered out of order. Standard queues provide best-effort ordering which ensures that messages are generally delivered in the same order as they are sent. ...
Leer más