DEV Community

vikash-agrawal

AWS Security, Identity and Compliance

IAM (Identity and Access Management)

• It is used to manage the users, groups, roles and policies that are attached to AWS services and resources.
• IAM is global; it is not restricted to any region.
• The default AWS account is the root account.
• You can define multiple users and attach them to groups, which you can also define.

o   A group is a way to collect users so that a policy and/or role can be applied to all of them.
o   Permissions are assigned to a user either by adding the user to a group or by attaching a policy to the user directly.
o   An Access Key ID and Secret Access Key are used to access AWS programmatically.
o   A user name and password are used to log in to the AWS Management Console.
o   New users have no permissions when created.
o   Power User Access: provides full access to AWS services and resources, but does not allow management of users and groups.
o   Groups and roles both contain policies, but a group is associated with users while a role is associated with an AWS service.
o   Custom policies can also be defined.

• To avoid misuse, enable Multi-Factor Authentication (MFA) on your root account.
• A role is a way to group policies.
• A policy is a permission definition.
• Policy documents are written in JSON.
• A password rotation policy can be enforced.
• From a terminal (for example via PuTTY) or with the AWS CLI, you can authenticate as a user you created here by running the configure command, but this option writes the credentials to a file, ~/.aws/credentials, containing:

o   aws_access_key_id
o   aws_secret_access_key

• Roles are more secure than an access key ID and secret access key.
• Roles are easier to manage.
• Roles can be assigned even after a resource has been provisioned.
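
To show how the permission model above combines a user's directly attached policies with the policies of its groups, here is an added example (not code from the post and not AWS's own evaluator): the policy documents are constructed samples in the IAM JSON policy shape, and the evaluation is simplified to Allow/Deny statements on Action and Resource, ignoring Condition, NotAction/NotResource and resource-based policies.

```python
import fnmatch

# Constructed sample policies (IAM JSON policy shape; not from the post).
# Attached to a group: read-only access to one bucket's objects.
GROUP_POLICY_S3_READ = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
         "Resource": "arn:aws:s3:::team-bucket/*"}
    ],
}
# Attached directly to one user: an explicit deny on deletes everywhere.
USER_POLICY_DENY_DELETE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}],
}


def _as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # IAM action names are matched case-insensitively and support '*' wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    # Resource ARNs are matched case-sensitively, with '*' wildcards.
    return any(fnmatch.fnmatchcase(resource, p) for p in _as_list(patterns))


def effective_policies(user_policies, group_policies):
    # A user's effective permissions are the union of the policies attached
    # directly to the user and the policies of every group the user belongs to.
    return list(user_policies) + list(group_policies)


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one request against identity-based policies.

    Simplified order: an explicit Deny in any matching statement wins; otherwise
    any matching Allow grants; otherwise the request is implicitly denied, which
    is why a freshly created user with no policies can do nothing.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _action_matches(stmt.get("Action", []), action):
                continue
            if not _resource_matches(stmt.get("Resource", []), resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            allowed = True
    return "Allow" if allowed else "Deny"
```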

Cognito

• It helps restrict access to the specified AWS services.

Guard Duty

• It monitors for malicious activity in your AWS account.

Inspector

• Through this you can run a set of test cases to find vulnerabilities.

Macie

• It scans S3 buckets and reports whether they contain personal information such as card numbers or mobile numbers.

Certificate Manager

• By default, AWS provides an SSL certificate with domain registration.

Cloud HSM

• It is used to store keys, such as public and private keys.

Directory Service

• It integrates with Microsoft Active Directory.

WAF (Web Application Firewall)

Shield

Artifact
