User Permissions and Access


What is AWS Identity and Access Management?

AWS IAM stands for AWS Identity and Access Management.

It helps you securely manage AWS resources and services.

IAM features are:

  • AWS account root user
  • IAM Users
  • IAM policy
  • IAM groups
  • IAM roles
  • Multi-factor authentication

By combining IAM features, you have the flexibility to configure specific operational and security access.


User Permissions and Access Video

W3schools.com collaborates with Amazon Web Services to deliver digital training content to our students.


AWS Account Root User

The AWS account root user is created when you first open an AWS account.

You sign in as the account root user with the AWS account credentials (email and password).

It has full access to all of the account's resources and AWS services.

Some of the good practices are:

  • Avoid using the root user for daily tasks
  • Use it to create an IAM user with permissions to create other users
  • Use it only for root user-specific tasks

Image of creating and using the root user

Image created by Amazon Web Services


IAM Users

An IAM user represents an entity (a person or an application) that interacts with AWS resources and services.

An IAM user consists of a name and credentials.

It is created without permissions by default.

The root user can grant permissions to the IAM user.

It is recommended that you create one IAM user for each individual.



IAM Policies

IAM policies are documents.

They deny or allow permissions to AWS resources and services.

They customize user access to AWS resources and services.

You can give only those permissions that each user needs.

An IAM policy example is illustrated below.

Image of creating and using the root user

Image created by Amazon Web Services


IAM Groups

A collection of IAM users is called an IAM group.

An IAM policy assigned to an IAM group grants permissions to all IAM users in that group.

Image of creating and using the root user

Image created by Amazon Web Services


IAM Roles

An IAM role provides temporary access to services or resources.

Before an IAM role can be given, the IAM user, service, or application must have permission to switch roles.

It is best for cases where temporary access needs to be given.


Multi-factor Authentication

Multi-factor authentication (MFA) is authentication in multiple steps.

It can use more than one form of authentication.

It is an extra layer of security.

It may come in the form of a security code that is sent to your mobile device or an email.


AWS Cloud Exercises

Test Yourself With Exercises

Exercise:

Fill in the blank

IAM user represents an ______ (person or application)