Please enable JavaScript.

Coggle requires JavaScript to display documents.

AWS Cloud Security - Coggle Diagram

- - - - A group can contain many users, and a user can belong to multiple groups.
      - . IAM groups offer a convenient way to specify permissions for a collection of users
    - - An IAM role is an IAM identity you can create in your account that has specific permissions.
      - instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it
      - the role provides you with temporary security credentials for your role session
      - For example, you might want to grant users in your AWS account access to resources they don't usually have, or grant users in one AWS account access to resources in another account
  - - - Identity-based policies are permissions policies that you can attach to a principal (or identity) such as an IAM user, role, or group
        
        Managed policies –Standalone identity-based policies that you can attach to multiple users, groups, and roles in your AWS account
        
        Inline policies –Policies that you create and manage, and that are embedded directly into a single user group or role.
      - Resource - based policies are JSON policy documents that you attach to a resource
- - - - In SCPs, you can restrict which AWS services, resources, and individual actions the users and roles in each member account can access
      - These restrictions even override the administrators of member accounts
      - SCP never grants permissions
- - - - With AWS Certificate Manager, you can request a certificate and then deploy it on AWS resources