Grasp the principles of Identity and Access Management (IAM) on Amazon Web Services. Learn how to set up access policies that let users access different services and perform actions. Follow the tutorials to start working with IAM.
Context
In cloud computing, we combine multiple services to perform some functionality. Within a cloud computing platform such as AWS, every action is performed as a principal (user, role, application, ...). By default, cloud platforms enforce a default-deny (zero trust) policy model on principals: a principal is not allowed to perform any action on any service until a policy explicitly allows it.
The principle of least privilege states that a subject (user, service, process) should be granted only the minimum permissions necessary to perform its intended function, and no more.
In modern systems, breaches are inevitable: bugs exist, credentials leak and software is compromised.
So the real question is not “Can an attacker get access?” but “What can they do once they have access?”
The least privilege principle answers this by minimizing the blast radius of a failure.
AWS Identity and Access Management (IAM) is a web service that helps to securely control access to AWS resources. With IAM, we can centrally manage permissions that control which AWS resources users can access. We use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
What is IAM? - AWS Identity and Access Management
The general overview provides definitions for terms used in IAM. Principals are users, roles, or applications that must authenticate. Policies are used to grant principals the authority to perform actions on resources.
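To make the default-deny and least-privilege points above concrete, here is an added example (not code from AWS or from this tutorial): a simplified evaluator for identity-based IAM policies that applies the core IAM rule of explicit Deny over explicit Allow over implicit deny, and compares a broad policy with a scoped one. The bucket name and ARNs are constructed placeholders, and the evaluator models only Effect, Action and Resource (no Condition, NotAction, resource policies or SCPs).

```python
"""Simplified IAM identity-policy evaluator (teaching example, not AWS's engine)."""
import fnmatch

# Constructed policies; "example-reports" is a placeholder bucket name.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

# Constructed sample requests used to compare the blast radius of each policy.
SAMPLE_REQUESTS = [
    ("s3:GetObject", "arn:aws:s3:::example-reports/q1.csv"),
    ("s3:PutObject", "arn:aws:s3:::example-reports/q1.csv"),
    ("s3:DeleteObject", "arn:aws:s3:::example-reports/q1.csv"),
    ("s3:GetObject", "arn:aws:s3:::other-bucket/secret.txt"),
    ("s3:DeleteBucket", "arn:aws:s3:::other-bucket"),
]


def _matches(pattern_or_list, value):
    """IAM-style wildcard match ('*' and '?'); action case-folding is omitted here."""
    patterns = pattern_or_list if isinstance(pattern_or_list, list) else [pattern_or_list]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny': explicit Deny wins, then explicit Allow, else implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                allowed = True
    return "Allow" if allowed else "Deny"


def allowed_requests(policies, requests=SAMPLE_REQUESTS):
    """List the sample requests a principal with these policies could perform."""
    return [(a, r) for a, r in requests if evaluate(policies, a, r) == "Allow"]
```

With no policy attached, every request is denied; the broad policy allows all five sample requests, while the scoped policy allows only the one read on the intended bucket.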
