To assign a fixed policy to each user

To dynamically replace the username at runtime

To create a new IAM user

To delete an existing IAM user

By creating a separate policy for each user

By using dynamic values to apply a single policy to a group

By assigning the same policy to all users without changes

By removing the need for policies altogether

Account

User

Federated

Database

To create a new identity provider

To replace the identity provider used for the user

To assign a fixed identity provider to all users

To delete an existing identity provider

sts.amazon.com: sub

dollarsignww.amazon.com: user_id

cognitoidentity.amazon.com: sub

saml.amazon.com: user_id

Because IAM policies are too complex

Because IAM policies are not secure

Because RDS is a proprietary technology

Because RDS uses IAM policies for security

Ask for help

Understand it by recognizing variables

Memorize it

Ignore it