Please enable JavaScript.

Coggle requires JavaScript to display documents.

IAM (Limits (1500 policies (300 groups (1000 roles (10 policies per role…

- - - - 1000 roles
        
        10 policies per role.user
        
        instance profiles 1000
        
        2 access keys
        
        10 groups per user
        
        5k users
- - - - enable MFA
        
        use groups to assign permissions
        
        AWS Managed policies
        
        DBfullaccess
        
        IAMfullaccess
        
        use custom policies use manged instead of inline
        
        1 more item...
- - - - condition
        
        ip
        
        times
        
        certain dynamoDB attributes
  - - - set max permissions that an ID policy can grant to IAM entity
      - effective permissions
        
        Evaluation
        
        auth
        
        process the request
        
        eval policies
        
        determine whether allow/deny
        
        deny>allow
- - - - s3:getobject
        
        for bucket policy
        
        Read permissions to ALLUsers
        
        20KB
        
        testing s3 console need permisions
        
        listtallmybuckets
        
        1 more item...
- - - - Management
        
        Account and IAM Policies
        
        Allow key admins to administer key
        
        allow key users to use key
      - no policy = root user
        
        IAM policies within account
- - - - decrypt
        
        reencrypt
        
        generatedatakey
        
        describekey
  - - - enable
        
        put
        
        update
        
        delete
- - - - can require objects be bucket owner's objects
- - - - less than 5k for gorup
        
        less than 10k for roles
- - - - access aws using creds
        
        mobile dev
        
        already have web identity
- - - - Console
        
        Assume role
        
        temp creds
        
        Dynamodb
- - - - ec2/ecs/lambda
        
        automated deployment cloud formation
        
        serverless, resilient, scalable