Sunday, January 7, 2024

Terms to Understand for IAM

        To gain a comprehensive understanding of IAM, there is some terminology that you need to become familiar with, some of which you have already encountered in this book. This section highlights these key terms and provides their definitions. These don’t need to be memorized for the Security Specialty exam per se, as there will be no direct questions on the terminology. However, they appear frequently in the questions, so knowing their meaning is critical so you fully understand the question or answer.

These terms are listed here:

• Principal: An application or person that uses either the AWS root account user, an IAM user, or an IAM role to authenticate to the specified account and make requests. This is someone or something that can take action on an AWS resource.

• Resources: A resource is any item that you can work with inside an AWS account. Examples of a resource are a Lambda function, an EC2 instance, or a Relational Data Service (RDS) database.

• Entities: An entity can be an IAM user, a federated user, or a user coming in from an IdP. It could also be an assumed IAM role in the context of AWS, and it is simply the IAM resource object that AWS uses for authentication.

• Identities: The resources used to identify who is using the services are known as identities in IAM. These are your users, groups, and roles.

With a grasp of the overall IAM service and terminology, you will next be introduced to two concepts that are easy to confuse: authentication and authorization.

Authorization versus Authentication

        Authorization and authentication are crucial in IAM. Even though the two terms seem incredibly similar and are used in conjunction quite frequently, it is essential to understand the difference between them as you move further into access and identity management. Understanding these differences is crucial for building secure and effective systems as these two concepts serve distinct but complementary roles in the realm of information security:

• Authentication: Authentication is the process of verifying who you claim to be. The system asks who you are, and you will often respond with a username and password. However, there can be times when you respond with a secure session token, such as an access token or a JSON Web Token (JWT). Authentication is about answering the questions Who are you? and Can you verify who you say you are?

• Authorization: Authorization takes place after authentication and establishes what you are allowed to do. Rules and policies govern what you are authorized to access. In the world of computing, this can be relayed through a token, such as a bearer token or JWT that grants you access to services or Application Programming Interfaces (APIs).

The processes of authentication and authorization are illustrated in Figure
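As an added illustration (not code from the book excerpt), the following Python model shows the two steps in IAM terms: a principal first proves its identity with a signed session token (authentication), and only then does an identity-based policy in IAM's Effect/Action/Resource shape decide what it may do (authorization), with the default-deny and explicit-Deny-wins rules that IAM policy evaluation applies. The signing secret, token format and policy are constructed for the example.

```python
import base64
import fnmatch
import hashlib
import hmac
import json

DEMO_SECRET = b"constructed-demo-secret"  # constructed stand-in for the IdP's signing key

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict) -> str:
    """Issue a compact HMAC-signed session token: <base64url(json)>.<base64url(mac)>."""
    body = b64url_encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(DEMO_SECRET, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url_encode(mac)

def authenticate(token: str):
    """Authentication: 'who are you, and can you prove it?' Returns the principal or None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(DEMO_SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None  # signature mismatch: the claimed identity is unproven
        return json.loads(b64url_decode(body)).get("sub")
    except ValueError:  # malformed token, bad base64 or bad JSON (binascii.Error is a ValueError)
        return None

# Constructed identity-based policy in IAM's Effect/Action/Resource shape.
POLICY = [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::app-bucket/*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::app-bucket/*"},
]

def authorize(policy: list, action: str, resource: str) -> bool:
    """Authorization: 'what may you do?' Default deny; an explicit Deny overrides any Allow."""
    allowed = False
    for stmt in policy:
        if fnmatch.fnmatchcase(action, stmt["Action"]) and fnmatch.fnmatchcase(resource, stmt["Resource"]):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def handle_request(token: str, action: str, resource: str) -> str:
    """Authentication first, then authorization, in the order the text describes."""
    if authenticate(token) is None:
        return "unauthenticated"
    return "allowed" if authorize(POLICY, action, resource) else "denied"
```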


Thant Zin Phyo@Cracky (MCT, MCE, MVP)
