Friday, June 25, 2021

AWS Identity and Access Management (IAM)

IAM User:

A newly created IAM user has no permissions. Until a policy is attached to it, directly or through a group, every request it makes is implicitly denied.


IAM Policy:

An IAM policy is a JSON document made of statements (Effect, Action, Resource, optional Condition) that grant or restrict permissions on resources such as EC2 instances or S3 buckets. Policies are attached to users, groups, or roles. An explicit Deny overrides any Allow, and anything no statement allows is denied by default.


IAM Group:

An IAM group is a collection of IAM users. A policy attached to the group applies to every user in it, which is the usual way to manage user permissions instead of attaching policies to users one by one.


IAM Roles:

An IAM role is an identity with its own policies but no long-term credentials; it is a way to hand out temporary access. Nobody is "assigned" a role. A user, application, or AWS service that the role's trust policy permits assumes the role and receives temporary credentials (issued by STS) that expire.

While those temporary credentials are in use, only the role's policies apply: the permissions the caller held through its own user policies and groups do not carry over for the duration of the role session.


MFA (multi-factor authentication) is an extra layer of security in IAM: it adds a second factor at sign-in, and a policy can require it for sensitive actions or for assuming a role via the aws:MultiFactorAuthPresent condition key.
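To make the above concrete, here is a small evaluator written for these notes (it is an added example, not AWS code or an official library). It models the decision logic described: a new user has nothing, group policies apply to members, an explicit Deny beats any Allow, anything unmatched is implicitly denied, and assuming a role swaps the caller's permissions for the role's, with an MFA condition on the trust policy. The users, groups, role names, ARNs and policies are constructed for illustration.

```python
"""Toy IAM policy evaluator (added example; not AWS code).

Models: a user starts with no permissions, policies attached to the user or
its groups grant them, an explicit Deny beats any Allow, anything unmatched is
implicitly denied, and assuming a role replaces the caller's permissions with
the role's. Identities, ARNs and policies below are constructed for illustration.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    # Action names are case-insensitive; resources are lowercased too for simplicity.
    return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def _condition_holds(condition, context):
    # Only the Bool operator is modelled, enough for aws:MultiFactorAuthPresent.
    for key, expected in condition.get("Bool", {}).items():
        if str(context.get(key, "false")).lower() != str(expected).lower():
            return False
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one request against a list of policy documents."""
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not (_matches(stmt["Action"], action)
                    and _matches(stmt["Resource"], resource)
                    and _condition_holds(stmt.get("Condition", {}), context)):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit Deny wins immediately
            allowed = True             # keep scanning: a later Deny still wins
    return "Allow" if allowed else "Deny"   # implicit deny when nothing matched


# --- constructed sample policies, users, groups and roles (hypothetical names) ---
S3_READ = {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                          "Resource": "arn:aws:s3:::example-bucket*"}]}
DENY_DELETE = {"Statement": [{"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]}
EC2_ADMIN = {"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}

GROUPS = {"developers": [S3_READ, DENY_DELETE]}
USERS = {
    "alice": {"policies": [], "groups": ["developers"]},
    "newhire": {"policies": [], "groups": []},      # freshly created: nothing attached
}
ROLES = {"Ec2Operator": {"policies": [EC2_ADMIN],
                         "trust": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}}


def user_policies(name):
    """A user's effective policies: its own plus those of every group it belongs to."""
    user = USERS[name]
    return list(user["policies"]) + [p for g in user["groups"] for p in GROUPS[g]]


def assume_role(role_name, context):
    """Temporary credentials carry only the role's policies; the trust policy is checked first."""
    role = ROLES[role_name]
    if not _condition_holds(role["trust"], context):
        raise PermissionError("AssumeRole denied: trust policy condition not met")
    return role["policies"]


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print("newhire s3:GetObject ->", evaluate(user_policies("newhire"), "s3:GetObject", obj))
    print("alice   s3:GetObject ->", evaluate(user_policies("alice"), "s3:GetObject", obj))
    print("alice   s3:DeleteObject ->", evaluate(user_policies("alice"), "s3:DeleteObject", obj))
    creds = assume_role("Ec2Operator", {"aws:MultiFactorAuthPresent": "true"})
    print("role    ec2:RunInstances ->", evaluate(creds, "ec2:RunInstances", "*"))
    print("role    s3:GetObject ->", evaluate(creds, "s3:GetObject", obj))
```

Note that after alice assumes Ec2Operator the S3 read she gets from the developers group is gone for that session, and that the role cannot be assumed at all without the MFA context key set, which is exactly the behaviour the notes describe.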


Monday, June 21, 2021

AWS Network ACL and Security Groups

Network ACLs perform stateless packet filtering: every packet is checked against the rules, in both directions, with no memory of earlier packets. Return traffic therefore needs its own rule in the opposite direction (typically an outbound allow for ephemeral ports 1024-65535).

Default network ACL (created with each VPC): allows all inbound and outbound traffic.

Custom network ACL: denies all inbound and outbound traffic until rules are added. Rules are numbered and evaluated from the lowest number up; the first match wins, and the final "*" rule denies anything that matched nothing.

-------------------------------------------------------------------------

Security groups perform stateful packet filtering: they remember the connection, so a reply to traffic that was allowed in one direction is allowed back in the other direction regardless of the rules for that direction.

By default a new security group has:

no inbound rules (all inbound denied)

one outbound rule allowing all traffic

Security groups contain allow rules only (there is no deny rule) and all rules are evaluated together. The VPC's own default security group differs slightly: it also allows inbound traffic from instances in the same group.
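The stateless/stateful difference is easiest to see with a simulation. The following is an added example written for these notes, not AWS code: it runs one HTTPS request and its reply through a network ACL (numbered rules, first match wins, implicit deny, no memory) and through a security group (allow rules only, connection tracking). The rule sets, addresses and ports are constructed for illustration.

```python
"""Stateless NACL vs stateful security group (added example; not AWS code).

NACL: numbered rules evaluated lowest number first, first match wins, implicit
'*' deny at the end. Inbound and outbound are checked independently, so the
reply to an allowed request passes only if an outbound rule covers the client's
ephemeral port. Port ranges in NACL rules are destination ports.

Security group: allow rules only, inbound empty by default, outbound allows all
by default; a flow allowed in one direction is remembered, so its reply passes
whatever the rules in the other direction say.
"""
from ipaddress import ip_address, ip_network

EPHEMERAL = (1024, 65535)
ANY_PORT = (0, 65535)


def _port_in(port, rng):
    lo, hi = rng
    return lo <= port <= hi


class NetworkACL:
    def __init__(self, inbound=(), outbound=()):
        # rule: (number, protocol, cidr, dest_port_range, 'allow' | 'deny')
        self.inbound = sorted(inbound)
        self.outbound = sorted(outbound)

    def check(self, direction, proto, remote_ip, dest_port):
        rules = self.inbound if direction == "in" else self.outbound
        addr = ip_address(remote_ip)
        for _num, rproto, cidr, rng, action in rules:   # lowest number first
            if rproto in (proto, "all") and addr in ip_network(cidr) and _port_in(dest_port, rng):
                return action == "allow"                # first match decides
        return False                                    # implicit '*' deny


class SecurityGroup:
    def __init__(self, inbound=(), outbound=(("all", "0.0.0.0/0", ANY_PORT),)):
        # rule: (protocol, cidr, port_range); there are no deny rules
        self.inbound = list(inbound)
        self.outbound = list(outbound)
        self.flows = set()      # remembered allowed flows (stateful part)

    @staticmethod
    def _allowed(rules, proto, remote_ip, port):
        addr = ip_address(remote_ip)
        return any(rproto in (proto, "all") and addr in ip_network(cidr) and _port_in(port, rng)
                   for rproto, cidr, rng in rules)

    def check(self, direction, proto, remote_ip, remote_port, local_port):
        key = (proto, remote_ip, remote_port, local_port)
        if key in self.flows:   # reply to a flow already allowed: no rule lookup
            return True
        rules = self.inbound if direction == "in" else self.outbound
        port = local_port if direction == "in" else remote_port   # destination port
        if self._allowed(rules, proto, remote_ip, port):
            self.flows.add(key)
            return True
        return False


def web_request(filt, client_ip="203.0.113.5", client_port=40000, server_port=443):
    """(request_allowed, reply_allowed) for one TCP request and its response."""
    if isinstance(filt, NetworkACL):
        req = filt.check("in", "tcp", client_ip, server_port)    # dest = server port
        rep = filt.check("out", "tcp", client_ip, client_port)   # dest = client's ephemeral port
    else:
        req = filt.check("in", "tcp", client_ip, client_port, server_port)
        rep = filt.check("out", "tcp", client_ip, client_port, server_port)
    return req, rep


# --- constructed rule sets ---
DEFAULT_NACL = NetworkACL(inbound=[(100, "all", "0.0.0.0/0", ANY_PORT, "allow")],
                          outbound=[(100, "all", "0.0.0.0/0", ANY_PORT, "allow")])
# Common mistake: allow 443 both ways and forget the ephemeral return ports.
NACL_NO_EPHEMERAL = NetworkACL(inbound=[(100, "tcp", "0.0.0.0/0", (443, 443), "allow")],
                               outbound=[(100, "tcp", "0.0.0.0/0", (443, 443), "allow")])
# Fixed: outbound allow for ephemeral ports, plus a low-numbered deny for one block.
NACL_FIXED = NetworkACL(inbound=[(90, "all", "198.51.100.0/24", ANY_PORT, "deny"),
                                 (100, "tcp", "0.0.0.0/0", (443, 443), "allow")],
                        outbound=[(100, "tcp", "0.0.0.0/0", (443, 443), "allow"),
                                  (110, "tcp", "0.0.0.0/0", EPHEMERAL, "allow")])
NEW_SG = SecurityGroup()                                          # nothing in, all out
WEB_SG = SecurityGroup(inbound=[("tcp", "0.0.0.0/0", (443, 443))], outbound=())

if __name__ == "__main__":
    for name, f in [("default NACL", DEFAULT_NACL), ("NACL without ephemeral", NACL_NO_EPHEMERAL),
                    ("NACL fixed", NACL_FIXED), ("new SG", NEW_SG), ("web SG", WEB_SG)]:
        print(f"{name:24s} request/reply allowed: {web_request(f)}")
```

The two points to take away: with the NACL the reply is dropped unless ports 1024-65535 are explicitly allowed outbound, and with the security group the reply passes even though WEB_SG has no outbound rule at all, because the inbound allow created connection state.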


-------------------------------------------------------------------------