Summary and Quiz

Get a refresher of what you’ve learned in the Identity and Management Access chapter and take a short quiz to validate your knowledge.

We'll cover the following

Let’s look at some key takeaways from this section and then we’ll put our learnings to a test by attempting a quiz.

Summary

Here’s a summary of the key takeaways from this section:

  • IAM: IAM (Identity and Access Management) is a security and management service provides external entities with secure access to AWS services or resources within the AWS account. It takes care of both authentication and authorization.

  • IAM policy: An IAM policy is a JSON document that allows us to define the scope of permissions of the principal entities. There are six type of IAM policies:

    • Identity-based policy

    • Resource-based policy

    • Permission boundary policy

    • Session policy

    • ACL

    • SCP

  The circumstances determine the type of IAM policy to be used.

  • IAM user: An IAM user is an IAM resource we can use to provide long-term AWS console access to an external user. When using AWS account for longer period, the best practice is to create IAM user accounts for each operation unit. This helps us secure our root account and also prevents the user from performing any unwanted actions.

  • IAM roles: An IAM user is an IAM resource we can use to provide short-term AWS access to the requesting entity. IAM roles usually have both identity-based and resource-based policy attached with them that are used for authorization and authentication respectively.

  • Amazon Cognito: Amazon Cognito simplifies user authentication and authorization for web and mobile apps, providing scalable user directories (User Pools) and secure access to AWS resources (Identity Pools).

  • Access Analyzer: Access Analyzer identifies unintended access to our AWS resources by continuously monitoring access permissions. It can also help us draft our IAM policies documents by alerting us of any loose end or syntax errors within the policies.

  • Restricting policies: Permission boundary policy and session policy allow us to set an upper bound on the permissions of IAM entities. Permission boundary policy can be used with both IAM users and IAM roles whereas session policy is exclusively for the IAM role.

  • AWS Organizations: AWS Organizations allows us to manage multiple AWS accounts from a single point. It helps us consolidate billing for our AWS accounts and manage their maximum permissions from a single management account. For the latter part, it uses SCPs that are set using the management account.

  • IAM Identity Center: IAM Identity Center enables us to manage access of our workforce to our AWS accounts from a single point. It is also know as Single-Sign On (SSO) as it enables us to provide single sign-on to the requesting entities.

Test your knowledge

Take a short quiz to validate that knowledge and to make sure we’ve not missed out on anything:

Get hands-on with 1400+ tech skills courses.