DEV Community

Cover image for AWS: Identity and Access Management[cheatsheet]
israel mvono
israel mvono

Posted on

AWS: Identity and Access Management[cheatsheet]

As I begin my journey studying towards being a devOps engineer, I would like to share what I learn throughout my journey. I am currently studying for the AWS CLOUD SOLUTIONS ARCHITECT ASSOCIATE EXAM
In this article, I will share a summary of IAM & AWS CLI

Summary
-IAM = Identity and Access Management

  • Users are people within your organization and they can be grouped[it’s best practice to always assign each member under a group(s). A user can be a member of more than one group.
  • Groups can only contain users but not other groups.
  • Policies define the permissions of the users.[best practice: use the least privilege principle; simply don’t give more permissions than the user needs]
  • Password policy:- you can set up a password policy that ensures higher security for your account.
  • Multi-Factor Authentication – MFA
    . protects your root accounts and IAM users.
    . MFA = password you know + security device you know
    . If a password is stolen or hacked, the account is not compromised.
    .You can use a virtual MFA device[google authenticator, authy} or a U2F Security Key{yubikey by yubico}

  • To access AWS, you have three options:
    . AWS Management Console{protected by password + MFA}
    . AWS Command Line Interface(CLI){protected by access keys}
    . AWS Software Development Kit(SDK) – for code {protected by access keys}

    -Access keys are generated through the AWS console
    . Access Key ID ~= username
    . Secret Access Key ~= password

  • AWS cloudshell is a CLI in the cloud.

  • IAM Credentials Report(account level): this is a report that lists all your account’s users and the status of their various credentials.

  • IAM Access Advisor(user-level): shows the service permissions granted to a user when those services were last accessed.

IAM Guidelines and Best Practices

  • Don’t use the root account except for AWS account setup
  • One physical user = One AWS user
  • Assign users to groups and assign permissions to groups
  • Create a strong password policy
  • Use and enforce the use of Multi-Factor Authentication(MFA)
  • Create and use roles for giving permissions to AWS services
  • Use Access Keys for Programmatic Access(CLI/SDK)
  • Audit permissions of your account with the IAM credentials report and IAM Access Advisor
  • Never share IAM users and Access Keys

Top comments (0)