AWS IAM Security Services
Build on your knowledge of AWS IAM by learning about some important IAM security services.
IAM Access Analyzer
In AWS, some services can be shared across AWS accounts or made public for everyone to use. For example, we can have an S3 bucket that’s public and can be accessed by anyone in the world via a URL. Or we can have an SQS that’s shared with a specific set of AWS accounts in our organization.
There can be a lot of reasons and use cases where a solution like this is required. But sometimes, we can forget about sharing these services, or we might accidentally allow unwanted accounts or users to access these resources, which can be a security risk.
IAM Access Analyzer is a native IAM tool that allows us to define a zone of trust and find all the resources that are accessible by entities beyond the zone of trust. A zone of trust can be our AWS account or our AWS Organization.
AWS Organizations is a service that allows us to link a number of AWS accounts in our company together.
Get hands-on with 1400+ tech skills courses.