IAM Overview
IAM is the part of Security we are probably already most familiar with, dealing as it does with users, roles and groups. If you’ve done anything whatsoever with Unix or Windows users and permissions you’ll understand best practices like using groups and roles rather than assigning individual permissions to individual users.
AWS have a quick overview video here – but at some point we’ll have to dive into the documentation I’m afraid.
Read for questions, search for answers
IAM Overview docs will provide what you need at a high level. When I read any of the AWS guides, I either think to myself ‘what test questions do I anticipate?’, or ‘what is the underlying principle they’re trying to get across here?’.
With that in mind, I came up with the following questions as I read through – try scanning through these before you read the Overview docs for yourself.
What is the concept of a principal in IAM? What are the 4 types of principal, or level?
Regardless of using the console, SDK or CLI, all operations need to use IAM directly or indirectly. Why is this?
What is a resource defined as in the context of IAM?
What is the role of the principal in a request?
What is resource data defined as?
What is a definition of a policy in terms of IAM?
What is the workflow when a request is made for a given resource in AWS?
How are actions and operations related in terms of IAM and an AWS service? Use an example of requesting to write to an S3 bucket.
Where is the information about the type of API operation found?
What is the strategy used for evaluation of a request by an IAM identity (principal)? Assume they are not the root user. How could you think of this in a real world way?
What is a federated user? How are they authorised?
If I was using Google or Facebook to authenticate, how would I integrate with IAM?
What is an identity based policy? How does it differ from a resource policy?
Having these questions in mind will hopefully help you focus on the underlying principles of IAM.
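To make the evaluation strategy behind the questions above concrete (an explicit Deny in any applicable policy wins, otherwise an explicit Allow grants access, otherwise the request is implicitly denied), here is an added Python sketch; it is not code from this post or from AWS. It applies that rule to a constructed identity-based policy and a constructed bucket (resource-based) policy for an S3 write, and deliberately ignores conditions, principals, permission boundaries, SCPs and session policies.

```python
from fnmatch import fnmatchcase

# Constructed sample policies for illustration only (not from the post or AWS).
# Identity-based policy attached to the IAM user making the request.
IDENTITY_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ]
}

# Resource-based policy attached to the bucket itself (Principal omitted for brevity).
BUCKET_POLICY = {
    "Statement": [
        {"Effect": "Deny", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/protected/*"},
    ]
}


def _as_list(value):
    """IAM allows Action/Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    """True when the statement's Action and Resource patterns both cover the request."""
    action_ok = any(fnmatchcase(action, p) for p in _as_list(statement["Action"]))
    resource_ok = any(fnmatchcase(resource, p) for p in _as_list(statement["Resource"]))
    return action_ok and resource_ok


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for a non-root principal under the simplified rule."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"      # explicit deny overrides any allow
            allowed = True         # remember the allow, keep scanning for a deny
    return "Allow" if allowed else "Deny"  # implicit deny by default


if __name__ == "__main__":
    policies = [IDENTITY_POLICY, BUCKET_POLICY]
    print(evaluate(policies, "s3:PutObject", "arn:aws:s3:::example-bucket/public/a.txt"))     # Allow
    print(evaluate(policies, "s3:PutObject", "arn:aws:s3:::example-bucket/protected/a.txt"))  # Deny
    print(evaluate(policies, "s3:GetObject", "arn:aws:s3:::other-bucket/a.txt"))             # Deny
```

The third request is denied even though nothing explicitly denies it, which is the implicit-deny default the exam questions tend to probe.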
Create your own study materials
With the above overview in mind, I’d strongly encourage you to create your own flashcards with answers to the above and any questions of your own. I’d recommend the following sections:
Section | Why it’s important
--- | ---
Understanding how IAM works | You’ll need to understand the precise terminology so that multiple choice questions don’t trip you up.
Overview: Users | You’ll need to understand the difference between the root user, IAM users and federated users.
Overview: Permissions and Policies | The concept of a policy is crucial to your understanding, as well as the difference between identity and resource based policies.
Access Management | The diagram here is extremely useful when trying to understand authorisation, and for understanding the whole picture of IAM.
Do a hands-on tutorial
I don’t think we’ll get much value out of following the tutorials that are linked from the overview page. Instead, try this tutorial on using IAM policies with S3 – it will give you exposure to the IAM concepts and build on your S3 knowledge from last week.
NB Always remember to clean up!
There’s a fair bit to cover, so take your time to understand these principles. We’ll cover IAM actions next, and you’ll need to have IAM understood first.
Also, remember to record your actual vs estimated effort in your study plan – so you know how to project when you’re ready to take some practice papers.