Identity and Access Management (IAM)
Cloud/AWS 2020. 7. 10. 20:20
1. Overview
Identity and Access Management (IAM) is a global service: users, groups, roles and policies are not scoped to a single region. Permissions are governed by policies written in JSON, and AWS ships predefined "managed policies" for common job functions. Multi-Factor Authentication (MFA) can be enabled. Users should be given only the minimal set of permissions they need to perform their job (the principle of least privilege). The root account should never be used for day-to-day work, nor shared; instead, IAM users must be created with the permissions they actually need. IAM is at the center of AWS.
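To make the "policies written in JSON" and "least privilege" points concrete, here is an added example (not code from the original post) that models the core of IAM's evaluation logic for identity-based policies and runs it against two constructed policies: an over-broad one granting `s3:*` on every resource, and a least-privilege one scoped to a single bucket with an explicit deny on deletes. The policy documents, bucket name `example-app-bucket` and the `overly_broad_statements` linter are assumptions made for illustration; the simulator ignores `Condition`, `NotAction`, `Principal` and resource-based policies.

```python
import fnmatch
import json

# Constructed over-broad policy: every S3 action on every bucket.
OVERBROAD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
  ]
}
""")

# Constructed least-privilege policy: read-only access to one application
# bucket, plus an explicit Deny on deletes that wins over any Allow.
LEAST_PRIVILEGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::example-app-bucket",
        "arn:aws:s3:::example-app-bucket/*"
      ]
    },
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate):
    # IAM wildcards: '*' matches any sequence, '?' one character.
    # fnmatchcase does not treat '/' or ':' specially, so ARNs work as-is.
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def evaluate(policy, action, resource):
    """Simplified identity-policy evaluation:
    explicit Deny > explicit Allow > implicit deny (the default)."""
    allowed = False
    for stmt in policy["Statement"]:
        # Action names are compared case-insensitively by IAM.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if not (_matches(actions, action.lower()) and _matches(resources, resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny ends evaluation immediately
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def overly_broad_statements(policy):
    """Linter: flag Allow statements pairing a wildcard action with Resource '*'."""
    flagged = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        wildcard_action = any("*" in a for a in _as_list(stmt.get("Action", [])))
        any_resource = "*" in _as_list(stmt.get("Resource", []))
        if wildcard_action and any_resource:
            flagged.append(stmt)
    return flagged


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-app-bucket/report.csv"
    for name, policy in (("over-broad", OVERBROAD_POLICY),
                         ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(f"{name}: GetObject -> {evaluate(policy, 's3:GetObject', obj)}, "
              f"DeleteObject -> {evaluate(policy, 's3:DeleteObject', obj)}, "
              f"broad statements: {len(overly_broad_statements(policy))}")
```

The point to notice is that the least-privilege document yields `ImplicitDeny` for anything it does not name (for example `s3:PutObject`, or reads from another bucket), and `Deny` for deletes even though the first statement would otherwise grant them; the over-broad document returns `Allow` for any S3 call on any bucket, which is what the linter flags.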
2. Description
2.1 Components
- Users
- Groups
- Roles
2.2 IAM Federation
- Big enterprises usually integrate their own repository of users with IAM
- This way, one can log in to AWS using their company credentials
- Identity federation uses the SAML standard (e.g., with Active Directory as the identity provider)
2.3 Recommendation
- One IAM User per PHYSICAL PERSON
- One IAM Role per Application
- IAM credentials should never be shared
- Never write IAM credentials in code
- Never use the ROOT account except for initial setup
- Never use ROOT IAM Credentials
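The rule "never write IAM credentials in code" is easiest to enforce with a check that runs in CI or a pre-commit hook. The following is an added example (not from the original post) of a small scanner for hardcoded AWS credentials: it looks for the 20-character access key ID format (`AKIA`/`ASIA` prefix plus 16 uppercase alphanumerics) and for a 40-character secret sitting next to a secret-looking variable name. The file contents are constructed; the key values are the placeholders AWS uses in its own documentation, so nothing real is embedded. The file names and the `redact` reporting helper are assumptions for illustration.

```python
import re

# Constructed source files. config.py embeds static user keys (the anti-pattern);
# s3_client.py obtains credentials from the role attached to the compute it runs
# on, which is the "one IAM Role per application" pattern.
CONSTRUCTED_SOURCE = {
    "app/config.py": '''
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
BUCKET = "example-app-bucket"
''',
    "app/s3_client.py": '''
import boto3
# No keys here: the SDK picks up the role credentials from the environment.
s3 = boto3.client("s3")
''',
}

# Access key IDs: AKIA (long-term user keys) or ASIA (temporary STS keys),
# followed by exactly 16 uppercase letters or digits.
ACCESS_KEY_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")

# A bare 40-character base64-like string is far too noisy on its own, so the
# secret pattern requires a nearby variable name that indicates an AWS secret.
SECRET_KEY_RE = re.compile(
    r"(?i)(aws_?secret_?access_?key|aws_?secret)\s*[=:]\s*['\"]([A-Za-z0-9/+=]{40})['\"]"
)


def scan_text(path, text):
    """Return one finding per credential-looking token, with its line number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "access_key_id", "value": m.group(0)})
        for m in SECRET_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "secret_access_key", "value": m.group(2)})
    return findings


def scan_sources(sources):
    """Scan a {path: text} mapping, e.g. the files staged for a commit."""
    findings = []
    for path, text in sources.items():
        findings.extend(scan_text(path, text))
    return findings


def redact(value):
    """Keep only the first four characters so the report itself does not leak the secret."""
    return value[:4] + "*" * (len(value) - 4)


def report(findings):
    """Render findings as 'path:line kind value' lines with redacted values."""
    return [f"{f['path']}:{f['line']} {f['kind']} {redact(f['value'])}" for f in findings]


if __name__ == "__main__":
    results = scan_sources(CONSTRUCTED_SOURCE)
    for line in report(results):
        print(line)
    raise SystemExit(1 if results else 0)  # non-zero exit fails the CI step
```

Run as a CI step, a non-zero exit blocks the commit that introduced the keys; the clean `s3_client.py` produces no findings because role credentials never appear in source. A finding on a real key should be treated as a leaked credential and the key rotated, not merely deleted from the repository, since it remains in history.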
3. Reference