To protect the resources inside an AWS account you need to manage who can do what. The IAM service defines who can access the account and what is allowed and what is not.
But access control is not easy. There are many concepts, such as principals and policies, that seem overwhelming at first.
This book is a comprehensive yet practical guide for access control in AWS.
This guide is a map for managing access in an AWS account. It contains everything you need to know to configure IAM identities and policies to safeguard the account.
IAM is a notoriously complicated service. I remember when I started out with AWS I felt it was an obstacle, making everything a lot harder than necessary. Everything was hidden behind some technical jargon and it wasn't intuitive at all where to configure things. Then its JSON policy structure required a lot of searching for solutions. IAM was in my way whatever I wanted to do.
It was much later when I became interested in security, and that was when I realized how essential IAM is to secure an AWS account. There are a lot of other services for security, such as Config, Security Hub, CloudTrail, and GuardDuty, but they all play a secondary role. The security of an account lies in the configuration of IAM.
After a bit of learning, I started to see the underlying logic behind all that obscure terminology that felt so distant at first. The identities, the types and structure of the policies all fit into a bigger picture that defines the security posture of an account.
This book is a comprehensive and easy-to-follow guide for everything you'll need to configure who can access an account and what they can do. It provides a ton of examples and practical tips with a lot of illustrations. It was written to give a complete overview of the different things you'll encounter in configuring access.
You'll learn:
Hey, I'm Tamás! I co-author the advancedweb.hu blog where I've published more than 300 articles to date on various technology topics.
I'm a software developer focusing mostly on cloud computing and web technologies. I'm especially interested in how to handle edge cases to end up with dependable software.