DVA-C01 studying - IAM

DVA-C01 software-dev

IAM - Identity and Access Management

What it does?

  • manage users and their level of access to the AWS console and services
  • centralized control over your AWS account
  • shared access to your AWS account
  • granular permissions for different users within your organization
  • identity federation (being able to log in using other identity providers e.g. Active Directory, Okta, and other OpenID Connect (OIDC) or SAML 2.0 (Security Assertion Markup Language 2.0) services)
  • provide multi factor authentication support
  • grants temporary access as necessary
  • allows setting password policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html)
  • integrates with other AWS services
  • supports PCI DSS compliance

Terminology

Notes

  • IAM is global, not regional

  • Root account is created when you first set up your AWS account

    • has complete admin access
    • not recommended for routine work; this should be done through users, groups, and roles
    • new users have no permissions when created
    • Always recommended to set up MFA for root
  • Access Keys

    • access key ID and secret access key are created when a new user is created

    • THIS IS NOT A PASSWORD

    • used for programmatic access to the AWS e.g. api and cli

    • can only view both the access key ID and secret access key ONCE when the account is created

      • afterwards the access key ID is still viewable but the secret access key is not
      • need to regenerate them both if you lose the secret access key