Please enable JavaScript.

Coggle requires JavaScript to display documents.

Arch IAM - Coggle Diagram

- - - - 1, password for accessing console
      - (Access key and secret key) to access the
        
        CLI
        
        Need to get Utility to run AWS command
        
        supported on Window, Linux, MAC
        
        SDK (phython, Node JS. . Net...)
  - - - Specify
        
        effect means permit or deny
        
        action
        
        Example for S3 action
        
        put, get, list bucket, list object, delete object
        
        Example for Ec2
        
        launch, terminate, start& stop, describe
        
        resource
        
        for example
        
        example for S3 : all buckets or a specific bucket
        
        condition
        
        example
        
        source IP
        
        MFA (Multi factor authentication) to upload or delete the object in S3
      - a JSON documents
      - can be assigned to
        
        user
        
        user group
        
        roles
  - - - Running the AssumeRoleAPI at the backgroup
      - by the userID
      - by the Mobile App
      - Assume by AWS resource, example Phyton in Ec2 to access S3
        
        1, create the role and assign to Ec2
        
        Python can assume the role
      - Assumed by userID in different account (Cross account access)
- - - - based on token with the validity period of 24 hours (default)