DEV Community

Roman

Posted on • Edited on • Originally published at romankurnovskii.com

AWS IAM Cheat Sheet

  • IAM consists of the following:
    • Users
    • Groups
    • Roles
    • Policy Documents
  • IAM is global: identities and policies are not tied to any specific region.
  • There is no charge to use IAM.
  • IAM is compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).
  • The root user has complete admin access to the account, and that access cannot be restricted with IAM policies.
  • Don't use the root user for everyday work. Create IAM users instead. A new user has NO permissions by default; grant only the least privilege needed for the job.
  • A user can be given a console password and/or an access key pair (Access Key ID and Secret Access Key). The password is for signing in to the AWS Management Console; the access key pair is for signing API and CLI requests. Create only the credential type the user actually needs.
  • Always set up MFA on the root user (and on any user with a console password).
  • Use groups to assign permissions to IAM users rather than attaching policies to users one by one.
  • Use roles to delegate permissions. Assuming a role is safer than creating an individual user: a role hands out short-lived temporary credentials, whereas a user's access keys are long-term credentials that must be rotated and can leak.
  • Create and customize an account password policy (minimum length, complexity, rotation period, reuse prevention).
  • Policies can be attached to users, groups and roles. Prefer AWS managed policies where one fits the job; otherwise write a customer managed policy. A policy is a JSON document with a Version and a list of Statements; each statement carries an Effect (Allow or Deny), Action, Resource and optionally a Condition. Principal appears only in resource-based policies and role trust policies, not in identity-based policies. Evaluation is default deny, and an explicit Deny always overrides an Allow.
  • STS (Security Token Service) issues temporary security credentials to trusted users and roles (AssumeRole, GetSessionToken and the federation calls). There is no charge to use it. Requests go to the global endpoint by default, but regional STS endpoints exist and are recommended for lower latency and for keeping requests within a region.
  • Digest: https://tutorialsdojo.com/aws-identity-and-access-management-iam/
  • IAM best practices - a question might ask you to identify best practices among the given choices. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
  • Know when to use a role rather than a user: a user is for a person or application that needs a permanent identity in your account; a role is for anything that should work with temporary credentials (EC2 instances, Lambda functions, cross-account access, federated identities).
  • IAM Policy Simulator - a service for testing and troubleshooting IAM policies before you attach them. The same checks are available from the CLI with `aws iam simulate-principal-policy` and `aws iam simulate-custom-policy`.
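The policy-document structure and the "default deny, explicit Deny wins" rule above are easiest to understand by running them. The following is an added example written for this cheat sheet (it is not code from the original post or from AWS): a small offline model of identity-based policy evaluation that doubles as a stand-in for the Policy Simulator. The bucket name `example-reports`, the policies and the request contexts are all constructed for the illustration. Besides the basic Allow/Deny logic it shows the MFA edge case a practitioner runs into: `aws:MultiFactorAuthPresent` is absent from the request context when long-term access keys are used, so a Deny that tests it with a plain `Bool` operator silently does not apply to those keys, while `BoolIfExists` catches them.

```python
"""Offline model of IAM policy evaluation (added example; not AWS code).

Covers the documented core of identity-based policy evaluation:
  * default (implicit) deny when no statement matches,
  * an explicit Deny always wins over any Allow,
  * '*' and '?' wildcards in Action and Resource,
  * Condition operators StringEquals, StringLike, Bool and their
    ...IfExists variants.
Not modelled: NotAction/NotResource, policy variables, resource-based
policies, permissions boundaries and SCPs.  All policies, ARNs and
request contexts below are constructed for the example.
"""
import fnmatch
import json


def _as_list(value):
    """Most IAM fields accept a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold=False):
    """Wildcard match. Action names are case-insensitive in IAM; ARNs are not."""
    patterns = _as_list(patterns)
    if fold:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _condition_ok(condition, context):
    """Every operator/key pair in a Condition block must hold (logical AND);
    several values for one key are alternatives (logical OR)."""
    for operator, pairs in (condition or {}).items():
        if_exists = operator.endswith("IfExists")
        base = operator[: -len("IfExists")] if if_exists else operator
        for key, expected in pairs.items():
            expected = [str(e) for e in _as_list(expected)]
            actual = context.get(key)
            if actual is None:
                if if_exists:
                    continue  # ...IfExists: an absent key satisfies the condition
                return False  # plain operator: an absent key never matches
            actual = str(actual)
            if base == "StringEquals":
                ok = actual in expected
            elif base == "StringLike":
                ok = any(fnmatch.fnmatchcase(actual, e) for e in expected)
            elif base == "Bool":
                ok = actual.lower() == expected[0].lower()
            else:
                return False  # unknown operator: fail closed
            if not ok:
                return False
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one request against identity-based policies."""
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not (_matches(stmt.get("Action"), action, fold=True)
                    and _matches(stmt.get("Resource"), resource)
                    and _condition_ok(stmt.get("Condition"), context)):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny: stop immediately
            allowed = True
    return "Allow" if allowed else "Deny"  # nothing matched: implicit deny


# Least-privilege policy for a reporting job: read one prefix of one bucket.
READ_REPORTS = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ListReportsBucket", "Effect": "Allow",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-reports"},
    {"Sid": "ReadReportObjects", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:GetObjectVersion"],
     "Resource": "arn:aws:s3:::example-reports/reports/*"}
  ]}""")

# Broad policy that a Deny statement will fence in.
S3_ADMIN = {"Version": "2012-10-17",
            "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}


def deny_destructive_without_mfa(operator="BoolIfExists"):
    """Deny destructive S3 actions unless MFA was used.  The operator matters:
    aws:MultiFactorAuthPresent is absent for long-term access keys, so a plain
    'Bool' never matches and the Deny silently does not apply to them."""
    return {"Version": "2012-10-17",
            "Statement": {"Effect": "Deny",
                          "Action": ["s3:DeleteObject", "s3:DeleteBucket"],
                          "Resource": "*",
                          "Condition": {operator: {"aws:MultiFactorAuthPresent": "false"}}}}


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports/reports/q1.csv"
    print(evaluate([READ_REPORTS], "s3:GetObject", obj))                  # Allow
    print(evaluate([READ_REPORTS], "s3:GetObject",
                   "arn:aws:s3:::example-reports/secrets/key.pem"))      # Deny (implicit)
    no_mfa_key = {}  # request signed with long-term access keys: key absent
    print(evaluate([S3_ADMIN, deny_destructive_without_mfa("Bool")],
                   "s3:DeleteObject", obj, no_mfa_key))                   # Allow (gap)
    print(evaluate([S3_ADMIN, deny_destructive_without_mfa("BoolIfExists")],
                   "s3:DeleteObject", obj, no_mfa_key))                   # Deny
```

The last two calls are the point: the same Deny statement either fences in `s3:*` or leaves a hole, depending only on the condition operator. Once a policy passes this kind of local check, confirm it against the real service with `aws iam simulate-custom-policy`, which also accounts for the features this model leaves out.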
