-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path01_IAM.txt
44 lines (29 loc) · 2.16 KB
/
01_IAM.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
What is IAM?
Allows you to manage users and their level of access to the AWS console
What does IAM give you?
* Centralised control of your AWS account
* Shared access to your AWS accoun
* Granular Permision
* Identity federation (for example connect to FB / Linkedin / MS Access Directory)
* Multifactor authetication
* Provide Temporarly access to user/devices and services when necessary
* Setup/manage our own password rotation policy
* Integrates with many other AWS services
* Support PCI DSS compliance
Critical Terms:
Users: End users (people)
Groups: Collection of users under one set of permissions
Roles: #** Create roles and assign them to AWS resources
Policies: A document which defines one ore more permissions to users/groups/roles
LAB:
-----
#** Notice IAM it is global, meaning that when we set up users/groups/roles and policies are the same for any other regions.
* We normally have some ID consisting in number which is our user, we can change that in IAM.
* root account in AWS console is the one which you log with your email used to sign up with AWS and you will have root priviledges, that's why better use MFA. So give access all services, so better to create new accounts for different users.
Creating Users:
We'll have two ways to log in to AWS, we can do AWS Console Access (the normal throught the webconsole) or the Programmatic Access to which we can access using CLI,API and so (normally used for APP have access to services.
#** When creating an user (with Programmatic Access),we will get an 'Access Key ID' and a'Secret Access key', these credential are using for accessing via to AWS with API or CLI (NOT via AWS CONSOLE!!). When you create these users you got to see just ONCE the info about passwords and keys
ROLES: It's a way to grant permissions to entity that you trust
Setting Billing Alarms: (In reality is from Account Management section)
-----------------------
We'll create an alarm if our account goes into 10USD charges and send a email, in case if we forget to shutdown something. So we go to My Billing Dashboard ->Billing Preferences -> Receiving billing alerts , and go to Manage Billing alert (Cloudwatch)