Changes

AWS Solutions Architect/training/Section 3: Identity Management and Permissions (view source)

Revision as of 01:17, 8 February 2024

67 bytes added , 8 February

no edit summary

Steps for authorizing Requests to AWS - which may come from the Console, the CLI, or via an API

# Authentication# Processing the '''request context''' of ## Actions ## Resources ## Principal ## Environment data ## Resource data# Evaluating all policies within the account (both identity-based and resource-based)# Determining whether a request is allowed or denied

Types of Policies

* Identity-based policies - attached to Users, Groups, or Roles* Resource-based policies - attached to resource; define permissions for a principal accessing the resource.* IAM Permission boundaries - set the maximum permissions an identity-based policy can grant an IAM entity* AWS Organizations service control policies (SCP) - specify the maximum permissions for an organization or OU* Session policies - used with the AssumeRole* API actions

The '''effective''' permissions are the superset when combining an Identity-based policy with a Resource-based policy. But, are only the '''intersection''' when combining with Permissions boundary or Organizations SCP<ref>https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics-id-rdp</ref>

31. [HOL] Apply Permissions Boundary

With Permissions Boundary, you can prevent escalation of privileges.

32. Use Cases for IAM Roles

[[Category:AWS]]

Admin

Image-reviewer, Bureaucrats, Check users, confirmed, Interface administrators, Administrators (Semantic MediaWiki), Curators (Semantic MediaWiki), Editors (Semantic MediaWiki), staff, Suppressors, sysadmin, Administrators, uploadaccess, Upload Wizard campaign editors, Widget editors

1,503

edits