IAM
Identity and Access Management
IAM manages user passwords, multi-factor authentication, access keys and SSH keys.
Permissions are controlled through policies.
Policies
By default users have no permissions. Policies make it easy to assign permissions to users or groups. Policies can be specific on a resource level or broad on a service level.
Policy Statement
A policy statement consists of 3 parts:
Action (what operation a user can perform)
Effect (Allow or Deny)
Resource (on what the action can be performed, * as wildcard for all)
AWS provides pre-created policies. These are general purpose, service-wide permissions.
A policy (AdministratorAccess) could look like this:
Roles
Roles are sort of like users that can't log in. We can attach policies to them.
Switch to IAM
Roles -> Create role
Select EC2 -> Next
Next until Create
A role can be added to a launch configuration via Advanced details -> IAM Instance profile.
Best practices
Don't use the root user. Instead, create a new user and give it only the needed permissions via a policy and group.