AWS services

  • IAM (Identity and Access Management)
    • account settings, users, roles and groups privileges for AWS services
    • root has automatically all privileges and all services available, any other user has none -  have to be granted
    • always create at least one user - don't do day-to-day tasks with root and always give to a user minimum privileges
    • User - grant permissions to a user directly
    • Group - grant permissions to a specific group of people
    • Role - grant permissions to an AWS service to interact with other AWS service (or user from other AWS account)
    • Policy - definition what user / group can access