IAM Introduction:
In this section we will learn about
- Users
- Groups
- Policies
IAM - IAM stands for Identity and Access Management. It is a global service.
Root Account - The root account is created by default. Its credentials must not be shared with anyone or used for day-to-day work; for daily use we always work as a user, so we need to create one.
Users - Users are people within your organization and can be grouped together. A user can belong to multiple groups.
Groups - A group is a collection of multiple users. Suppose we have a team of 10 people: 5 belong to the development group and 5 belong to the operations group. We can create groups of people as per team requirements. Groups contain only users.
IAM Permissions:
- Policies: Users and groups can be assigned JSON documents called policies.
Note:
- To keep it cost effective, always remember not to give users more privileges than they need.
- Follow the least privilege principle.😖😖😖
Example: (JSON)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
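A small least-privilege check for policy documents like the one above. This is an added example, not code from the original post or from AWS. The function names, the sample policy, and the rule that Describe/List/Get prefixes count as read-only are assumptions made for illustration.

```python
import json

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only values IAM accepts
READ_ONLY = ("describe", "list", "get")        # assumed read-only name prefixes

# Constructed sample: Version is deliberately invalid, statement 0 is
# read-only like the policy above, statement 1 is over-broad.
SAMPLE_POLICY = """
{
  "Version": "2022-10-13",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:*", "iam:Put*"], "Resource": "*"}
  ]
}
"""

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """True when the action name (after 'service:') has a read-only prefix."""
    _, _, name = action.partition(":")
    return name.lower().startswith(READ_ONLY)

def lint_policy(text):
    """Return (statement_index, message) findings; index None = whole document."""
    policy = json.loads(text)
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append((None, "invalid Version: " + str(policy.get("Version"))))
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant access
        risky = [a for a in as_list(stmt.get("Action", []))
                 if "*" in a and not is_read_only(a)]
        for action in risky:
            findings.append((i, "wildcard grants write actions: " + action))
        if risky and "*" in as_list(stmt.get("Resource", [])):
            findings.append((i, "write wildcard applies to every resource"))
    return findings

if __name__ == "__main__":
    for index, message in lint_policy(SAMPLE_POLICY):
        print(index, message)
```

The read-only policy shown above produces no findings, because every wildcard in it sits behind a Describe, List or Get prefix.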