Please enable JavaScript.

Coggle requires JavaScript to display documents.

IAM (Authentication (Authorization: What is allow to do on the resources…

- - - - Condition: for example, the source IP address, the hour of the day, etc
        Action: for example read a bucket, write in a bucket, etc
        Resources; The AWS resource, specified as Amazon Resource Name (ARN)
        Effect: Allow / Deny
        Service: AWS service, for example EC2 or S3
        
        arn:aws:service:region:account-id:[resource-type]:rosource
      - Policies can be assigned to
        
        Users
        
        User specific policies
        
        Managed policies
        
        Groups
        
        Group specific policies / managed policies
        
        Roles
    - - The default action is deny is
- - - - Persistent, full access, cannot be restricted or erased
    - - Persistent, can be restricted using policies and roles, administrator users can delete it
    - - temporal, can be deleted, restricions via policies
      - Use cases
        
        EC2 roles
        
        Cross account access
        
        Federeration