-
Notifications
You must be signed in to change notification settings - Fork 0
/
AWS_Notes.txt
31 lines (21 loc) · 1.15 KB
/
AWS_Notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
IAM -
Users and Policy Documents are:
Applied by Region
Applied Globally
Separated by Users = Regional, Policies = Globally <----- I like this one......WRONG
Vice versa.
To assign permissions to a user, group, role or resource (4 types) - you create a Policy
A Policy is a document that explicitly lists permissions
-Actions - what actions are allowed. Explicit allowing required
-Resources - what resources you are allowed the action on. Deny is default
-Effect - what the effect will be when the user requests access. Deny is default.
Policies are JSON documents
A Policy consists of one or more statements, and statements describe one set of permissions.
Resource-based policies must include a principal
Policy Validator - detect and correct invalid policies
Policy Generator - allows creation without accessing the console
What is the difference between a service and a resource?
By Default, a newly created IAM User is granted No access to services or resources...
MFA is not required for Administrator access. Administrators group is a thing.
IAM is not biometric enabled
console access does not require the access key id and secret access key