15 minutes
Security Tools Provided by IAM
There are 2 tools provided by AWS to control the Identity and Access of users in our organisation.
- IAM Credential Report (account level)
- IAM Access Advisor (user level)
IAM Credential Report
It generates a report that lists all your account’s user and the status of their various credentials.
IAM Access Advisor
It shows the service permissions granted to a user and when those services were last accessed. We can use this permission to revise your policy.
IAM best Practice
- Don’t use root account except for access setup.
- One physical user should have only one AWS account.
- Assign users to group & Assign policy permissions to group.
- Create a strong password policy.
- Use & Enforce the use of MFA
Create and Use roles to give one AWS service the ability to interact with another.
- Use Access Keys for Programmatic Access (CLI/SDK)
Audit permission of your account using IAM Credential Report & IAM Access Advisor.
- NEVER SHARE YOUR IAM USER & ACCESS KEYS
Shared Responsiblity Model for IAM:
 |  | |
|---|---|---|
| AWS | User | |
| AWS is responsible for Infrastructure (global network security) | ↔️ | User, Group, Role, Policy Manager & Manager |
| AWS is responsible for configuration & vulnerablity analysis | ↔️ | Enabling MFA on all devices |
| Compliance Validation | ↔️ | Using IAM tools to apply appropriate permissions |
| ↔️ | Analyze access patterns & review Permissions |