IAM

    IAM : Identity and Access Management

    a web service that helps you securely control access to AWS resources

    authenticated (signed in) and authorized (has permissions)

    AWS account root user

    don't use the root user for your everyday tasks

https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

https://docs.aws.amazon.com/ko_kr/IAM/latest/UserGuide/id_roles_terms-and-concepts.html

IAM Features

    Shared access to your AWS account

    Granular permissions

    Secure access to AWS resources for applications that run on EC2

    Multi-factor authentication (MFA), FIDO (Fast IDentity Online)

    Identity federation

    Identity information for assurance

    Integrated with many AWS services

https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

https://en.wikipedia.org/wiki/FIDO_Alliance

Term

    User : user/application

    Group : group of users

    Roles : temporarily delegated permissions

    Policy : group of permissions

    Permission :

https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

 

https://www.okta.com/kr/identity-101/role-based-access-control-vs-attribute-based-access-control/#:~:text=RBAC%EC%99%80%20ABAC%EC%9D%98%20%EA%B0%80%EC%9E%A5,%EA%B6%8C%ED%95%9C%EC%9D%84%20%EA%B2%B0%EC%A0%95%ED%95%A0%20%EC%88%98%20%EC%9E%88%EC%8A%B5%EB%8B%88%EB%8B%A4.

https://www.okta.com/identity-101/what-is-role-based-access-control-rbac/

 


 

Policies

    AWS Managed Policy

    Customer Managed Policy

    Inline Policy

https://aws.amazon.com/products/storage/

Role / Policy / Permission

 

https://whchoi98.gitbook.io/aws-iam/iam-policy

Policy Type

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html

 


Policy Evaluation Logic

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html

 


 

 

QnA

 

 
