1. What are two common IAM (Identity and Access Management) security tools? IAM Access Analyzer Shows the account creation time, whether the password is activated, the last time the password was changed, the last time the account was used, when the next password change is expected, whether MFA is enabled, whether access keys have been created, the last time the access key was rotated, the last ti..
My Tech Blog (Coding/AWS)
1. IAM Roles for Services - To do so, we will assign permissions to AWS services with IAM Roles - Not for users (people) - Combined with a service/instance, e.g. enabling an EC2 Instance (virtual server) to access AWS - Common roles: EC2 Instance Roles, Lambda Function Roles, Roles for CloudFormation ⭐ The purpose of a Role is to grant an AWS entity permission to perform actions in AWS ⭐ It is not something granted to Users (people) 2. How to Create Roles IA..
1. How can users access AWS? - To access AWS, you have three options: • AWS Management Console (protected by password + MFA) • AWS Command Line Interface (CLI): protected by access keys • AWS Software Developer Kit (SDK) - for code: protected by access keys - Access Keys are generated through the AWS Console - Users manage their own access keys - Access Keys are secret, just lik..
IAM Policies Structure: An IAM JSON file is the file format used to define IAM (Identity and Access Management) policies in AWS. The file is written in JSON and is used to set permissions for users, groups, roles (Role), and so on. IAM JSON Structure: An IAM JSON file defines a policy that specifies the actions to allow (Allow) or deny (Deny) on AWS resources. This controls which users can perform which actions in which AWS services. JSON file example. JSON file fields. Consists of • Version: policy language version, always incl..
IAM: Identity and Access Management - A Global Service, because it is where users are created and placed into groups - Root account created by default, shouldn't be used or shared - Users are people within your organization, and can be grouped - Groups only contain users, not other groups - Users don't have to belong to a group, and a user can belong to multiple groups. IAM: Permissions - Users or Groups can be assigned JSON documents called po..