IAM and Security

We covered a lot last week on how to make practice more efficient when we had to deep dive. This week we’re back to slightly higher-level concepts. IAM is only one part of the overall security setup, but it’s a good entry point and is used extensively in AWS.

If you remember the original exam blueprint that we looked at, you’ll know that security is a huge part of the exam in its own right.

Domain                                        Exam Percentage
Domain 1: Deployment                          22%
Domain 2: Security                            26%
Domain 3: Development with AWS Services       30%
Domain 4: Refactoring                         10%
Domain 5: Monitoring and Troubleshooting      12%

Taken from AWS Certified Developer–Associate (DVA-C01) Examination Guide

This week, we’ll look at AWS Security and IAM, enough to get you familiar with the concepts and to build out notes you can recall during the exam. I’ve included a reference table of what we’ll cover and the relevant official notes. As ever, my role is to help you become self-sufficient in your study.

What we’ll cover here              AWS Reference Docs
Overview of AWS Security           AWS Security Whitepaper
An Overview of IAM                 IAM Overview
IAM Actions                        IAM Actions
Access Control Lists in S3         S3 ACL Overview
Temporary Access Credentials       Temporary Security Credentials
Service Linked Roles               Using Service Linked Roles

Let’s start with AWS Security itself, and then see how IAM relates to that.

AWS Security Itself

The AWS Security whitepaper, whilst useful for an overview, is a bit dry, so I’ll share what I took from it.

It’s up to you whether you go through the paper for a more holistic view of AWS Security, but at this point you might just want to understand the following:

  • AWS secures the cloud; you secure things within it.
  • This means you need to look after your OS, data and platforms
  • Identity and Access Management (IAM) is one part of security (users, groups and roles)
  • Network-level security is another part of security (Security Groups and Network Access Lists are supplements to Identity Management – we won’t cover them this week).
  • The more ‘managed’ a service is, the less you will have to do in terms of security (although you can’t absolve yourself of responsibility altogether)
  • We grant least privilege to users/roles, and ideally the access a user is granted is temporary (with them having to renew/refresh their access)

Let’s get an overview of IAM next.