- Amazon Web Services
- Level 100 (Introductory)
- 1 hour
- IAM is a free service
- Create a new user in IAM with console access
- Add the user to an Admin group
- Create a new group called "Admins"
- Add the AdministratorAccess managed policy to the new group
- Add your new user to the "Admins" group
- Enable MFA for the root user
- Apply an IAM password policy that follows security best practices
- What is Identity and Access Management (IAM)?
- What is a root user?
- How is a root user different from an Admin user?
- What is console access and programmatic access?
- What is the access key and secret key?
- What is MFA and why is it important?
- What are policies and how can you create them?
- What are roles and how can you create them?
- What is the difference between a role and a policy?
- What is a user group?
- What are some good security practices for password policies?
- Creating Your First IAM Admin User and Group
- Security Best Practices in IAM
- Root user in AWS
- Setting an IAM password policy
- IAM Policy examples
- About IAM Roles
- Managed policies are created and maintained by AWS. A managed policy has a small, orange box on the left side of the policy's name.
- Use the Google Authenticator app for MFA.
- Never commit, add or push any of your access and secret keys to source control systems like Git. You must also never share or make your access keys public in any way, shape or form. If you have accidentally done so, make sure to delete the access and secret keys immediately in your console and generate new ones.
- By default, IAM users are not allowed access to the Billing console. It has to be enabled separately by using the root user under "My Account".
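
To back up the tip above about keeping access and secret keys out of source control, here is an added example (not part of the original lab) of a small scanner you can run over files before committing them. The function names, the sample input and the match patterns are this example's own assumptions; the sample uses the placeholder key pair from AWS documentation, not live credentials.

```python
import re
import sys
from pathlib import Path

# Access key IDs are 20 characters: a 4-letter prefix (AKIA for long-term IAM
# user keys, ASIA for temporary STS keys) plus 16 uppercase letters or digits.
KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 base64-style characters. Only flag them when the line
# also names a secret key, to keep false positives down (assumed heuristic).
SECRET = re.compile(
    r"secret[_-]?(?:access[_-]?)?key\W{1,6}([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)

# Constructed sample: a credentials file holding the AWS documentation placeholders.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = eu-west-1
"""


def redact(value):
    """Keep the first and last 4 characters so the full key never reaches a log."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(text, source="<input>"):
    """Return (source, line_no, kind, redacted_value) for every suspected key."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_ID.finditer(line):
            findings.append((source, line_no, "access_key_id", redact(m.group(0))))
        for m in SECRET.finditer(line):
            findings.append((source, line_no, "secret_access_key", redact(m.group(1))))
    return findings


if __name__ == "__main__":
    # With file arguments: scan them and exit 1 on any hit. Without: scan the sample.
    paths = sys.argv[1:]
    inputs = [(p, Path(p).read_text(errors="replace")) for p in paths] or [("sample", SAMPLE)]
    hits = [f for src, txt in inputs for f in scan_text(txt, src)]
    for src, line_no, kind, value in hits:
        print(f"{src}:{line_no}: possible {kind}: {value}")
    sys.exit(1 if hits and paths else 0)
```

A hit on a file that has already been pushed means the key must be deleted and replaced in the console, as the tip says; removing it from the repository afterwards does not make it safe again.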