Identity and Access Management (IAM)
- Is all about authentication and authorization.
IAM terms
- Accountid: Every AWS account has a unique account id
- User:
- Giving authentication to someone
- Group:
- Categorizing users by some name
- Eg: Admin, Developer, tester
- Role:
- Is authentication and authorization given to AWS Service/Resource
- Policy:
- Authorization.
- Two kinds of Policies
- AWS Managed Policies
- User Managed Policies
- Policies can be created from console using UI options/JSON
AWS Resources Creations
- For any resource that is created in AWS a unique id is generated. That is called as ARN(Amazon Resource Name)
- ARN can be computed.
- AWS Provides patterns for finding ARN
Policy evaluation when conflict arises
- Conflict of Policy can arise from
- Multiple policies in User or Group
- User Policy vs Group Policy
- In AWS Policy Evaluation Deny has more priority/Weight than ALLOW, so irrespective of position (User/Group), DENY is always the winner.
