AWS
AWS Identity & Access Management (AWS IAM)
Updated 23/06/2026
- #aws
- #iam
- #security
Maarek SAA-C03 Slides v45 — Chapter 2. Personal study extract.
Key content
- AWS Identity and Access Management (AWS IAM)
- IAM: Users & Groups
- Alice Bob Charles David Edward
- Group: Developers Group: Operations
- Group
- Audit Team
- Fred
- IAM: Permissions
- assigned JSON documents called policies
- permissions of the users
- privilege principle: don't give more permissions than a user needs
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
```
- IAM Policies inheritance
- Alice Bob Charles David Edward
- Developers Operations
- Audit Team
- Fred
- inline
- IAM Policies Structure
- 17"
- (Allow, Deny)
- (optional)
- IAM – Password Policy
- Multi Factor Authentication - MFA
- configurations or delete resources in your AWS account
- if a password is stolen or hacked, the account is not compromised
- Alice
- +Password => Successful login
- MFA devices options in AWS
- Virtual MFA device
- Google Authenticator
- (phone only)
- Authy
- (phone only)
- Universal 2nd Factor (U2F) Security Key
- YubiKey by Yubico (3rd party)
- Support for multiple tokens on a single device. Support for multiple root and IAM users using a single security key
- Hardware Key Fob MFA Device
- Provided by Gemalto (3rd party)
- Hardware Key Fob MFA Device for AWS GovCloud (US)
- Provided by SurePassID (3rd party)
- How can users access AWS?
- Example (Fake) Access Keys
- What's the AWS CLI?
- your command-line shell
- What's the AWS SDK?
- programmatically
- C++)
- AWS SDK
- Your Application
- IAM Roles for Services
- perform actions on your behalf
- permissions to AWS services
- with IAM Roles
- EC2 Instance
- (virtual server)
- IAM Role
- Access AWS
- IAM Security Tools
- credentials
- services were last accessed.
- IAM Guidelines & Best Practices
- Access Advisor
- IAM Section – Summary
Study checklist
- Read chapter once in English (no full translation)
- Add 7–10 terms → /admin/aws-english/vocab
- Practice 5 questions → /admin/aws-english/reader (tags: aws, iam, security)
- SRS review → /flashcards/aws-english