Become an AWS pro by understanding IAM, learning to write policies, and configuring access. Get hands-on with realistic examples, developed by AWS Solution Certified Architects. No setup, no cleanup, no hassle.

A Practical Guide to AWS IAM by Tamás Sallai_468 x 60 .png

This course is about how AWS IAM works and how to write policies to control access in an AWS account. In this course, you will learn how AWS APIs work, explore different parts of the requests made to the APIs and elaborates on how access is determined. Additionally, you will dive into how to configure access inside AWS by describing the policy structure and the 5 policy types AWS supports.

Further, you will become familiar with how the elements in the request and the policies fit together. You will also determine whether the operation is allowed or denied by demonstrating through several step-by-step realistic examples that show exactly how IAM evaluates access, thus providing templates for how to apply these protections to AWS environments.

Lastly, this course offers you some practical tips on how to secure an account both as an administrator and as a developer. It explains the best practices and the usual pitfalls of AWS security.

AWS Security Fundamentals: A Practical Guide to AWS IAM

Whenever there is a change to a resource in an AWS account, it comes via one of the AWS APIs. IAM protects these APIs with policies we can attach to different things in the account. Because of this, IAM is the most critical service to secure an AWS account. Everything that touches a resource is subject to it but it's our responsibility to configure it to only allow what is needed for normal operations and deny everything else.

# Recap
IAM follows a well-defined process to decide whether it allows a request or not. First, it constructs the request context with the data from the request itself as well as metadata about the Resource, the Principal, and other sources. We covered this in the [Access elements](https://www.educative.io/courses/aws-security-iam/access-elements-principal) lessons.

Then it moves on to collect all the policies that can be applied to the request. Policies are JSON documents that are attached to identities (users, groups, or roles), resources, sessions, identities as permissions boundary, or accounts. Each of these policy documents defines a set of properties that describe *how* they influence IAM during the authorization process. Most of them are *filters* that define which requests the policy applies to. We covered how policies work in the [IAM policies](https://www.educative.io/courses/aws-security-iam/filters-principal-resource-and-action) chapter.

The last step in the authorization process is the *policy evaluation process*. This is where IAM considers the matching policies and decides whether to allow or deny the operation in the request. This has multiple steps which we covered in the [Evaluation flow](https://www.educative.io/courses/aws-security-iam/evaluation-flow) lesson.

By understanding the process that governs the access control in AWS, we'll be able to reason about who can do what in an account and write policies that allow and deny the operations in a controlled and fine-grained manner. And tight access control is the basis of a secure cloud.

Let's do a quick recap of the course, highlighting the important steps IAM performs in deciding whether to allow a request or not.

Introduction

Access Control Basics

User Management using IAM

IAM Policies

Request Evaluation Flow and Examples

Role Management Using Identity and Access Management (IAM)

How to Secure an AWS Account

Conclusion

Appendix

Wrap up!