Become an AWS pro by understanding IAM, learning to write policies, and configuring access. Get hands-on with realistic examples, developed by AWS Solution Certified Architects. No setup, no cleanup, no hassle.

A Practical Guide to AWS IAM by Tamás Sallai_468 x 60 .png

This course is about how AWS IAM works and how to write policies to control access in an AWS account. In this course, you will learn how AWS APIs work, explore different parts of the requests made to the APIs and elaborates on how access is determined. Additionally, you will dive into how to configure access inside AWS by describing the policy structure and the 5 policy types AWS supports.

Further, you will become familiar with how the elements in the request and the policies fit together. You will also determine whether the operation is allowed or denied by demonstrating through several step-by-step realistic examples that show exactly how IAM evaluates access, thus providing templates for how to apply these protections to AWS environments.

Lastly, this course offers you some practical tips on how to secure an account both as an administrator and as a developer. It explains the best practices and the usual pitfalls of AWS security.

AWS Security Fundamentals: A Practical Guide to AWS IAM

In the previous chapters, we gained a detailed insight into how the IAM service works and its various aspects. This is the basis of all security inside AWS as this service controls **who can access the account** and **what is allowed**. As of the shared responsibility model, configuring IAM properly is our responsibility, and any shortcomings in the policies make the account less secure.

# Security in an AWS account
Unfortunately, security is not a solved problem, and there is no single best way to configure access. There are best practices as there is no fail-safe process that guarantees that a system won't be hacked. As shown by the constant stream of breaches from large tech companies, even money can't solve this problem properly.

Securing an account, therefore, is not about reaching an imaginary "absolutely secure" state but making sure that hacking it is as hard as economically possible, considering the cost of implementing the defenses. The so-called Pareto principle (also known as the 80-20 rule) applies here. It states that most of the results come from a few actions, but also as we near perfection the efforts get disproportionately hard. Aim for the low-hanging fruits first.

Next, we will study some practical tips to secure an AWS account.

Introduction

Access Control Basics

User Management using IAM

IAM Policies

Request Evaluation Flow and Examples

Role Management Using Identity and Access Management (IAM)

How to Secure an AWS Account

Conclusion

Appendix

How to Secure an AWS Account