Difference between revisions of "AWS Identity and Access Management (IAM)"
Jump to navigation
Jump to search
↑ https://en.wikiversity.org/wiki/Cloud_computing/Amazon_Web_Services/Identity_and_Access_Management
↑ https://aws.amazon.com/blogs/aws/new-managed-policies-for-aws-identity-access-management/
↑ https://aws.amazon.com/blogs/security/how-to-assign-permissions-using-new-aws-managed-policies-for-job-functions/
↑ https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html
↑ https://aws.amazon.com/es/blogs/security/easier-way-to-control-access-to-aws-regions-using-iam-policies/
| (34 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | Amazon in 2012 introduces AWS Identity and Access Management (IAM) for EC2 <ref>https://en.wikiversity.org/wiki/Cloud_computing/Amazon_Web_Services/Identity_and_Access_Management</ref>. In February introduced Managed [[Policies]] by AWS<ref>https://aws.amazon.com/blogs/aws/new-managed-policies-for-aws-identity-access-management/</ref> and since November 2016 there are 10 different policies bases on job functions: <code>[[AdministratorAccess]]</code> (This policy grants full access to all AWS services, similar to root role in Unix systems), <code>Billing</code>,<code> Data Scientist</code>, <code>Database Administrator</code>, <code>Developer Power User</code>, <code>Network Administrator</code>, <code>Security Auditor</code>, <code>Support User</code>, <code>System Administrator and View Only User</code> <ref>https://aws.amazon.com/blogs/security/how-to-assign-permissions-using-new-aws-managed-policies-for-job-functions/</ref><ref>https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html</ref> | + | Amazon in 2012 introduces AWS Identity and Access Management ([[IAM]]) for EC2 <ref>https://en.wikiversity.org/wiki/Cloud_computing/Amazon_Web_Services/Identity_and_Access_Management</ref>. In February introduced Managed [[Policies]] by AWS<ref>https://aws.amazon.com/blogs/aws/new-managed-policies-for-aws-identity-access-management/</ref> and since November 2016 there are 10 different policies bases on job functions: <code>[[AdministratorAccess]]</code> (This policy grants full access to all AWS services, similar to root role in Unix systems), <code>Billing</code>,<code> Data Scientist</code>, <code>Database Administrator</code>, <code>Developer Power User</code>, <code>Network Administrator</code>, <code>Security Auditor</code>, <code>Support User</code>, <code>System Administrator and View Only User</code> <ref>https://aws.amazon.com/blogs/security/how-to-assign-permissions-using-new-aws-managed-policies-for-job-functions/</ref><ref>https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html</ref> |
| + | * [[AWS managed policies]] | ||
| + | * [[AWS managed Job functions]] | ||
| + | == Examples policies == | ||
| + | * <code>[[aws:RequestedRegion]]</code> (April 2018) <ref>https://aws.amazon.com/es/blogs/security/easier-way-to-control-access-to-aws-regions-using-iam-policies/</ref> | ||
* <code>[[iam:ChangePassword]]</code> | * <code>[[iam:ChangePassword]]</code> | ||
| + | * <code>arn:aws:iam::aws:policy/[[ReadOnlyAccess]]</code> | ||
| + | == News == | ||
| + | * [[AWS timeline|Nov 2022]] assign multiple [[MFA]] devices in IAM https://aws.amazon.com/blogs/security/you-can-now-assign-multiple-mfa-devices-in-iam/ | ||
| + | * Dec 2019 [[AWS IAM Access Analyzer]] | ||
| + | * Feb 2015 [[AWS Security Token Service (STS)]] in Every AWS Region | ||
| + | * Oct 2013 [[AWS IAM policy simulator]] | ||
| + | |||
| + | == Activities == | ||
| + | * Read https://stackoverflow.com/questions/tagged/amazon-iam?tab=Votes | ||
| + | * [[Granting access to your billing information and tools]] | ||
| + | * [[Using temporary credentials with AWS resources]]: <code>[[aws sts get-session-token]]</code> | ||
== Related terms == | == Related terms == | ||
* [[SigV4]] | * [[SigV4]] | ||
| + | * [[Azure Identity and access management (IAM)]] | ||
| + | * <code>[[gcloud iam]]</code> | ||
| + | * <code>[[aws-iam-authenticator]]</code> and [[EKS]] | ||
| + | * [[AWS IAM role]] | ||
| + | * [[AWS IAM principal]] | ||
== See also == | == See also == | ||
| − | * {{ | + | * {{AWS IAM}} |
| − | |||
| − | |||
| − | |||
| − | |||
| − | [[Category: | + | [[Category:IAM]] |
| − | |||
[[Category:AWS]] | [[Category:AWS]] | ||
Latest revision as of 11:38, 26 July 2024
Amazon in 2012 introduces AWS Identity and Access Management (IAM) for EC2 [1]. In February introduced Managed Policies by AWS[2] and since November 2016 there are 10 different policies bases on job functions: AdministratorAccess (This policy grants full access to all AWS services, similar to root role in Unix systems), Billing, Data Scientist, Database Administrator, Developer Power User, Network Administrator, Security Auditor, Support User, System Administrator and View Only User [3][4]
Examples policies[edit]
aws:RequestedRegion(April 2018) [5]iam:ChangePasswordarn:aws:iam::aws:policy/ReadOnlyAccess
News[edit]
- Nov 2022 assign multiple MFA devices in IAM https://aws.amazon.com/blogs/security/you-can-now-assign-multiple-mfa-devices-in-iam/
- Dec 2019 AWS IAM Access Analyzer
- Feb 2015 AWS Security Token Service (STS) in Every AWS Region
- Oct 2013 AWS IAM policy simulator
Activities[edit]
- Read https://stackoverflow.com/questions/tagged/amazon-iam?tab=Votes
- Granting access to your billing information and tools
- Using temporary credentials with AWS resources:
aws sts get-session-token
Related terms[edit]
- SigV4
- Azure Identity and access management (IAM)
gcloud iamaws-iam-authenticatorand EKS- AWS IAM role
- AWS IAM principal
See also[edit]
- IAM: AWS IAM Identity Center, AWS Identity and Access Management, Google Cloud IAM, Azure IAM, SailPoint, CyberArk, CIAM, ForgeRock,
iam:ChangePassword,aws iam,AdministratorAccess, Context keys, IAM Access Analyzer, AWS policy, AWS managed policies,IAMUserChangePassword, AWS Roles, List of AWS policies, Resource-based policy,aws-iam-authenticator, IRSA, RDS Authentication,AccessDenied, AWS Authentication, AWS IAM external access analyzer
Advertising:
