Intelligent Automation and Monitoring

Infrastructure and Asset Management

Identity and Access Management

Internet and Application Management

To provide storage for data in AWS.

To monitor the performance of AWS services.

To manage access to AWS services and resources securely.

To automate the deployment of applications in AWS.

Buckets and Objects

Roles and Policies

Users and Groups

Permissions and Access Keys

Shredding disk drives before they leave a datacenter

Patching the operating system with the latest security patches

Configuring the Security Group rules that determine which ports are open on the EC2 Linux instance

Installing camera systems to monitor the physical datacenters

Role-based access control (RBAC) is a method of managing access to resources in an organization based on permissions.

Role-based access control (RBAC) is a method of managing access to resources in an organization based on user names.

Role-based access control (RBAC) is a method of managing access to resources in an organization based on IP addresses.

Role-based access control (RBAC) is a method of managing access to resources in an organization based on roles.

IAM Username/Password

Access Key + Secret Key

HTTP header: X-Authen-Header

Federation (SAML, OIDC)

Using strong and unique passwords, enabling MFA, regularly reviewing and rotating access keys, using IAM roles for EC2 instances, granting least privilege access, monitoring IAM activity and logging, and reviewing and updating IAM policies.

Using weak and common passwords, disabling MFA, never reviewing or rotating access keys, not using IAM roles for EC2 instances, granting excessive privilege access, not monitoring IAM activity and logging, and never reviewing or updating IAM policies.

Using the same password for all IAM users, not enabling MFA, rarely reviewing and rotating access keys, not using IAM roles for EC2 instances, granting full access to all users, not monitoring IAM activity and logging, and never reviewing or updating IAM policies.

Using short and simple passwords, not considering MFA, never reviewing or rotating access keys, not using IAM roles for EC2 instances, granting unrestricted access to all users, not monitoring IAM activity and logging, and never reviewing or updating IAM policies.