☀️
Dev7Days
  • 😄Welcome
  • Local Setup
    • ⚙️Setup Terminal
    • ⚙️Setup IDE
    • ⚙️Setup Neovim
  • Rust
    • 🦀Cargo
  • Java
    • 🍃Spring Boot
      • Spring Boot Annotaion
      • Spring Boot Learning
    • 🍃JDK vs JRE vs JVM
    • 🍃What is JDBC ?
    • 🍃What is Data Source in Java ?
    • 🍃Check vs Unchecked Exception
    • 🍃What is Servlet in Java ?
    • 🍃Filter vs Interceptor
    • 🍃Mockito
    • 🍃Maven CLI
    • 🍃Maven Archetype
  • Go
    • 🔹Go Routine and Channel
    • 🔹Go CLI
  • Ruby and Rails
    • ♦️Ruby Syntax
    • ♦️Rails Framework
    • ♦️Rails Structure
  • Fundamental
    • 📚Git Command
    • 📚Interpreter vs Compiler
    • 📚DTO vs DAO
    • 📚Http Status
    • 📚What is Batch Process ?
    • 📚Https
    • 📚Local Storage vs Session Storage vs Cookies
    • 📚Authentication & Authorization
    • 📚Database Index
    • 📚What is GRPC ?
    • 📚What is Microservice ?
  • Database
    • 🗃️What is Transaction ?
    • 🗃️ACID
  • Postgres
    • 🐘SELECT
    • 🐘Column Alias
    • 🐘Order By
    • 🐘SELECT DISTINCT
  • Elastic Search
    • 🔍What is Elastic Search ?
    • 🔍Node and Cluster
  • Kubernetes
    • ☸️What is Kubernetes ?
    • ☸️Kubernetes Architecture
      • Node
      • ETCD
      • Kube API Server
      • Controller Manager
      • Kube Scheduler
      • Kubelet
      • Kube Proxy
  • ☸️Pod
  • ☸️ReplicaSet
  • ☸️Deployment
  • ☸️Service
  • ☸️Config Map
  • ☸️Namespaces
  • ☸️Kube Apply Command
  • ☸️Scheduling
    • Manual Scheduling
    • Labels and Selectors
    • Taints and Tolerations
    • Node Selector
    • Node Affinity
    • Resource Requirements and Limits
    • DaemonSets
    • Static Pods
    • MultipleSchedulers
  • ☸️Monitoring
  • AWS
    • 🔸How can users access AWS ?
    • 🔸IAM
    • 🔸EC2
      • User Data
      • Instance Types
      • Security Group
      • Purchasing Options
      • Placement Groups
      • Elastic Network Interface (ENI)
      • EC2 Hibernate
      • EC2 Storage
    • 🔸ELB & ASG
      • Health Checks
      • Target Group
      • ELB Types
      • Sticky Sessions
      • Cross Zone Load Balancing
      • Load Balancer - SSL and SNI
      • Deregistration Delay
      • ASG
    • 🔸RDS & Aurora DB
      • RDS
        • Storage Auto Scaling
        • Read Replica
        • Multi AZ
        • RDS Custom
        • Backup
        • RDS Proxy
      • AWS Aurora
        • Read Replica
        • Endpoint and Auto Scaling
        • Aurora Serverless
        • Global Database
        • Machine Learning
        • Backup
        • Database Cloning
      • RDS & Aurora Restore options
      • RDS & Aurora Security
    • 🔸Elastic Cache
    • 🔸Route 53
      • Records
      • Hosted Zones
      • Health Check
      • Routing Policies
  • Backend Security
    • 🎩SQL Injection
    • 🎩Cross site script (XSS)
    • 🎩Cross site request forgery (CSRF)
    • 🎩Man in the Middle (MITM)
    • 🎩Insecure Direct Object Reference (IDOR)
    • 🎩Distributed denial of service (DDOS)
  • Medium
    • 👨‍💻Gamer to Coder
    • 🐳Docker
      • Docker #1
      • Docker #2
    • 💊DI and IOC
    • ☸️Kubernetes
  • Book
    • 📚System Design Interview - An Insider's Guide (Volume 1
Powered by GitBook
On this page
  1. AWS

IAM

Describe about What is IAM?

PreviousHow can users access AWS ?NextEC2

Last updated 1 year ago

IAM is the one service of AWS that manage the users. It is a global service (cross available zone ~ AZ). The first time that we have created the account on AWS it will create root account for you as default , should not be used or shared this account. we should generate new users from this root account instead. Users Group

It is the feature of IAM that you can create the group and assign user to thr group (user does not mandate to have a group). In the group we can create the policies and add to each group separately to grant permission of the users in group.

user can have zero or multiple group. when user have multiple group so he will also have permission from multiple policies. In AWS you apply the least privilege principle; don't give more permissions than a user needs.

IAM Policies structure

Consist of

  • Version (optional)

  • Statement (required) (array object)

Statements consist of

  • SID: Id for the statement (optional)

  • Effect: allow or deny access (Allow, Deny)

  • Principle: apply to user/account/role

  • Action: action of this policy "s3:GetObject"

  • Resource: list of resources "mybucket/*"

Security

In AWS we have Password policy to apply for IAM to require user to create the password with our pattern. example

  1. minimum length

  2. uppercase

  3. expiration password (change every 1 month)

  4. prevent reuse

Moreover you can set MFA to make it is more secure.

IAM Roles for services

Some AWS service will need to perform actions so we will assign permissions to AWS services with IAM roles.

Example: we want our EC2 can access other service on our AWS

IAM Security Tools

  • Credentials Report (Account-level) list all of youe account's user, status of credentials

  • Access Advisor (User-level) show service permission grant to a user and when thos service were last accessed

🔸
Drawing
Drawing