AWS Certified Solutions Architect - Professional
  • AWS Certified Solutions Architect - Professional
  • Analytics
    • Athena
    • Data Exchange
    • Kinesis Data Firehose
    • EMR
    • Glue
    • Kinesis Data Streams
    • Kinesis Data Analytics
    • Lake Formation
    • Managed Service for Apache Flink
    • Managed Streaming for Apache Kafka (Amazon MSK)
    • OpenSearch Service
    • QuickSight
  • Application Integration
    • AppFlow
  • AppSync
  • EventBridge
  • MQ
  • Simple Notification Service
  • Simple Queue Service
  • Step Functions
  • Simple Workflow Service
  • Mechanical Turk
  • Blockchain
    • Managed Blockchain
  • Business Applications
    • Simple Email Service
  • Cloud Financial Management
    • Budgets
    • Cost and Usage Report
  • Cost Explorer
  • Savings Plans
  • COMPUTE
    • App Runner
  • Auto Scaling
  • Batch
  • Elastic Beanstalk
  • OpsWorks
  • Elastic Compute Cloud
  • Fargate
  • Lambda
  • Serverless Application Model
  • Lightsail
  • Outposts
  • Wavelength
  • CONTAINERS
    • Elastic Container Registry
    • Elastic Container Service
    • ECS Anywhere
    • Elastic Kubernetes Service
    • EKS Anywhere
    • EKS Distro
  • DATABASES
    • Aurora
  • Aurora Serverless
  • DocumentDB
  • DynamoDB
  • ElastiCache
  • Keyspaces
  • Neptune
  • Quantum Ledger Database
  • Elasticsearch
  • Relational Database Service
  • Redshift
  • Timestream
  • Developer Tools
    • CI/CD using AWS Code
    • CodeArtifact
    • CodeBuild
    • CodeDeploy
    • CodeGuru
    • CodePipeline
    • X-Ray
  • End User Computing
    • AppStream 2.0
  • Workspaces
  • Frontend Web and Mobile
    • Amplify
    • API Gateway
    • Device Farm
    • Pinpoint
  • Internet of Things
    • IoT Core
    • IoT Device Defender
    • IoT Device Management
    • IoT Events
    • IoT Greengrass
    • IoT SiteWise
    • IoT Things Graph
  • IoT 1-Click
  • Machine Learning
    • Comprehend
    • Fraud Detector
    • Kendra
    • Lex
    • Personalize
    • Polly
    • Rekognition
  • SageMaker AI
  • Textract
  • Transcribe
  • Translate
  • Forecast 101
  • Management and Governance
    • CloudFormation
    • CloudTrail
    • CloudWatch
    • CloudWatch Logs
    • Cost Allocation Tags
    • Command Line Interface
    • Compute Optimizer
    • Config
    • Control Tower
    • Health Dashboard
    • License Manager
    • Managed Grafana
    • Managed Service for Prometheus
    • Management Console
    • Organizations
    • Proton
    • Service Catalog
    • Service Quotas
    • Systems Manager
    • Trusted Advisor
    • Well-Architected Tool
    • SAML2.0 Identity Federation
    • IAM Identity Center
    • Directory Service
  • Service Control Policies
  • Permissions Boundaries
  • Permissions Evaluation
  • Media Services
    • Elastic Transcoder
    • Kinesis Video Streams
  • Migration and Transfer
    • 6R's of Cloud Migration
    • Application Discovery Service
    • Application Migration Service
    • Database Migration Service
    • DataSync
    • Migration Hub
    • Schema Conversion Tool
    • Snow Family
    • Transfer Family
  • Networking and Content Delivery
    • Private and Public Services
    • DHCP In a VPC
    • VPC Router
    • Stateful vs Stateless Firewalls
    • Network Access Control Lists
    • Security Groups
    • Local Zones
    • Border Gateway Protocol
    • Global Accelerator
    • IPSec VPN
    • Site2Site VPN
    • Transit Gateway
    • VPC Routing
    • Accelerated Site-to-Site VPN
    • Client VPN
    • Direct Connect (DX)
    • Route53
    • Private Link
    • VPC
    • VPC Flow Logs
    • CloudFront
    • Elastic Load Balancing
  • Security, Identity, and Compliance
    • Artifact
    • Audit Manager
    • Certificate Manager
    • Parameter Store
    • CloudHSM
    • Cognito
    • Detective
    • Firewall Manager
    • GuardDuty
    • Identity and Access Management
    • Inspector
    • Key Management Service
    • Macie
    • Network Firewall
    • Resource Access Manager
    • Secrets Manager
    • Security Hub
    • Security Token Service
    • Shield
    • WAF
  • Storage
    • Backup
    • Elastic Block Store
    • Instance Store Volumes
    • Elastic Disaster Recovery
    • Elastic File System
    • FSx
    • Simple Storage Service
    • S3 Glacier
    • Storage Gateway
  • DISASTER RECOVERY
    • Types of DR - Cold, Warm, PilotLight
    • DR Architecture - Storage
    • DR Architecture - Compute
    • DR Architecture - Database
    • DR Architecture - Networking
Powered by GitBook
On this page
  1. Security, Identity, and Compliance

Identity and Access Management

  • IAM enables secure access control to AWS services and resources.

  • IAM is global—not tied to a specific AWS Region.

  • IAM users represent individual identities with long-term credentials.

  • IAM groups allow managing permissions for multiple users at once.

  • IAM roles are used for temporary access, commonly assumed by AWS services or users.

  • IAM policies define permissions using JSON documents.

  • Policies can be attached to users, groups, or roles.

  • Supports inline and managed policies (AWS-managed or customer-managed).

  • IAM roles can be assumed across AWS accounts using trust policies.

  • Supports temporary credentials via AWS STS (Security Token Service).

  • Enforces least privilege principle for security best practices.

  • IAM supports MFA (Multi-Factor Authentication) for enhanced security.

  • Access Analyzer helps detect unintended public or cross-account access.

  • IAM permissions boundaries define the maximum permissions a role or user can have.

  • AWS Organizations can enforce SCPs (Service Control Policies) to restrict IAM entities across accounts.

Last updated 7 days ago