AWS Classroom Series – 05/November

Identity and Access Management (IAM)

  • IAM is all about authentication and authorization.

IAM terms

  • Account ID: Every AWS account has a unique account ID
  • User:
    • An identity given to someone so that they can authenticate
  • Group:
    • A way of categorizing users under a name
    • E.g. Admin, Developer, Tester
  • Role:
    • Authentication and authorization given to an AWS service/resource
  • Policy:
    • Authorization.
    • Two kinds of Policies
      • AWS Managed Policies
      • User Managed Policies
    • Policies can be created from the console using the UI options or JSON

AWS Resource Creation

  • For any resource that is created in AWS, a unique ID is generated. This is called the ARN (Amazon Resource Name).
  • An ARN can be computed.
  • AWS provides patterns for working out the ARN.

Policy evaluation when conflict arises

  • Policy conflicts can arise from
    • Multiple policies on a User or Group
    • User Policy vs Group Policy
  • In AWS policy evaluation, Deny has higher priority/weight than Allow, so irrespective of where the policy is attached (User/Group), Deny always wins.


About continuous learner

devops & cloud enthusiastic learner