Miscellaneous
A Role allows or denies service-to-service access. For example, you can create one to allow EC2 to access S3; then you don't need a username and password.
Power User Access
Allows full access to all AWS services except for management of groups within IAM.
It's not full access to all AWS services & resources.
Administrator Access
Root user has Administrator Access
Ques: How many active keys can 1 user have?
Ans: 2
Why: Keys have an expiration time, so you generate two: while the old one is still active, replace it with the new one. Nothing breaks.
Keys best practices
● Remove or don’t generate access keys for the root user.
● Use different keys or IAM roles for different applications.
● Rotate keys
● Remove unused keys
● Use the AWS credentials file or environment variables rather than hardcoding access keys in a script. (Even if you get my script, you don't get my keys.)
Miscellaneous
- IAM is global in nature; it's not region specific
- Default region for a new account is Oregon
- Every user can have its own custom login URL; by default it’s a long number, but you can use an alias (from a global namespace): http:1234.signin.aws.amazon.com => alias.signin.aws.amazon.com
- After creating an alias, can I sign in using the normal link? Ans: No. Also, one root user has one custom login URL, like companyName.aws.console.com
- Best practice: do not log in via root, and activate MFA on it.
- 'Access key id' & 'secret access key' are used to programmatically access AWS; they can't be used to access the console.
- IAM doesn't allow biometric access
- Default level of access for a newly created user is 'no access to any AWS service'
- delete your root access keys
- activate MFA
- create individual IAM users
- Use Group to assign permission
- Use password policy
Miscellaneous
- Permissions can be assigned to both groups and users. It is not good practice to assign them to a user. You can override a ‘group permission’ for a user, or ‘add extra permission’ to that user, by overriding or adding permissions on that particular user.
- One user can belong to two groups. Permissions are then stacked up.
- There is no way to nest groups inside other groups. Instead, put one user in multiple groups.
- For a changed permission to take effect, the user doesn’t have to log out and log in.
- Note: AWS permissions are not related to any OS permissions, like those of EC2.
Almost everything in AWS is case sensitive.