Thant Zin Phyo

     If you have been using AWS for any length of time, then you will be most familiar with this type of policy. Identity-based IAM policies in AWS are a way to manage permissions and control access for individual users, groups, or roles within your AWS accounts. You can attach these policies to identities created within the IAM service. These policies then define what actions those identities can perform and what resources they can access.      For example, suppose a group had a policy attached to it that allows full Amazon S3 access. The group users would be granted permissions based on this and any other policies bound to the group, which makes the policy an identity-based policy. By using identity-based IAM policies, you can ensure that each user, group, or role in your AWS account has the appropriate level of access to AWS resources.      They help enforce security, control resource usage, and adhere to the principle of least privilege. ...

     It is important for you to understand the differences between users, groups, and roles and their overall purposes within access control. This will help you architect and implement the most appropriate and effective access control for users and identities. In AWS IAM, users represent individual identities, such as team members or applications, that interact with AWS resources. Each user is assigned a unique username and security credentials, which can include passwords or access keys. Users can be granted specific permissions to access and perform actions on AWS resources. For example, you can create a user named Emma and permit them to manage EC2 instances. Users are typically used to grant access to specific individuals or applications within your environment. Roles, on the other hand, are used to grant temporary permissions to entities assuming those IAM roles, such as users or AWS services. Roles are not assigned to specific individuals but are assumed by trusted ...

          To gain a comprehensive understanding of IAM, there is some terminology that you need to become familiar with, some of which you have already encountered in this book. This section highlights these key terms and provides their definitions. These don’t need to be memorized for the Security Specialty exam per se, as there will be no direct questions on the terminology. However, they appear frequently in the questions, so knowing their meaning is critical so you fully understand the question or answer. These terms are listed here: • Principal: An application or person that uses either the AWS root account user, an IAM user, or an IAM role to authenticate to the specified account and make requests. This is someone or something that can take action on an AWS resource. • Resources: A resource is any item that you can work with inside an AWS account. Examples of a resource are a Lambda function, an EC2 instance, or a Relational Data Service (RDS) databas...