Chapter 7 - Security Services

The default mind-set of IAM is 'No access to anything'. This principle ensures that users have no permissions until explicitly granted, enhancing security by minimizing potential risks.

IAM stands for Identity and Access Management, which refers to the policies and technologies used to ensure that the right individuals have the appropriate access to technology resources.

AWS provides the toolset for security, including IAM, but does not enforce security policies, create users, or manage passwords directly. Users are responsible for implementing and managing these aspects.

IAM security policies are essential for controlling access, as they define permissions for users and resources. Without these policies, IAM cannot effectively manage who can access what within an AWS account.

Automatic user creation is not a feature of IAM; it requires manual setup or integration with other services. IAM provides granular permission control, is bundled in the price, and integrates fully with AWS services.

MFA stands for Multifactor Authentication, which is a security mechanism that requires multiple forms of verification to access a system, enhancing security beyond just a password.

IAM roles are designed to provide temporary access to AWS resources, allowing users or services to assume roles with specific permissions without permanently assigning those permissions.

Identity-Based Policies are a type of IAM policy that attach permissions directly to an identity (user, group, or role). They define what actions an identity can perform on specific resources.

An IAM user can belong to a maximum of 10 IAM groups. This limit is set by AWS to manage permissions effectively and ensure optimal performance.

The primary function of IAM policies is to define permissions for AWS resources, allowing you to control who can access and manage those resources effectively.