## AWS Control Tower allows you to setup and govern multi-account environments.
# Identity Management and Permissions including RBAC, ABAC and permissions boundaries
## Roles are '''assumed''' by users, applications and services.
## Policies are JSON and may be either Identity based, or Resource based.
## Authentication methods: password + optional MFA token; Access Key + Secret Access Key; X-509 Certificate
## AWS Security Token Service (STS) sts:AssumeRole returns temporary security credentials.
## Multi-Factor Authentication
;Something you '''know'''
;Something you ''' have'''
;Something you '''are'''
A Trust Policy is also an example of a resource-based policy.
A Permissions Policy is an identity-based policy.
# AWS Directory Services and Federation including Identity Federation, AWS SSO, and Cognito
# Advanced Amazon VPC including a routing deep dive and multi-account VPC configurations