IAM is the most important security service in AWS

To protect the resources inside an AWS account you need to manage who can do what. The IAM service defines who can access the account and what is allowed and what is not.

But access control is not easy. There are many concepts, such as principals and policies, that seem overwhelming at first.

This book is a comprehensive yet practical guide for access control in AWS.

Already have a license key? Sign in here
Last updated

About the book

This guide is a map for managing access in an AWS account. It contains everything you need to know to configure IAM identities and policies to safeguard the account.

IAM is a notoriously complicated service. I remember when I started out with AWS I felt it was an obstacle, making everything a lot harder than necessary. Everything was hidden behind some technical jargon and it wasn't intuitive at all where to configure things. Then its JSON policy structure required a lot of searching for solutions. IAM was in my way whatever I wanted to do.

It was much later when I become interested in security and that was when I realized how essential IAM is to secure an AWS account. There are a lot of other services for security, such as Config, Security Hub, CloudTrail, and GuardDuty, but they all play a secondary role. The security of an account lies in the configuration of IAM.

After a bit of learning, I started to see the underlying logic behind all those obscure terminology that felt so distant at first. The identities, the types and structure of the policies all fit into a bigger picture that defines the security posture of an account.

This book is a comprehensive and easy-to-follow guide for everything you'll need to configure who can access an account and what they can do. It provides a ton of examples and practical tips with a lot of illustrations. It was written to give a complete overview of the different things you'll encounter in configuring access.

You'll learn:

  • How IAM helps with account security
  • What are the different IAM identities
  • How to write policies
  • How the policy evaluation logic works

About the author

Tamás Sallai

I'm a software developer focusing mostly on cloud computing and web technologies. I'm especially interested in how to handle edge cases to end up with dependable software.

My books and courses:

Author image

Table of contents

  • Introduction Preview
  • Access control basics Preview
    • Access elements
    • CloudTrail logging
  • IAM Policies
    • Structure
    • Policy types
    • Visual editor
  • Evaluation flow
    • Step 1: Build the request context
    • Step 2: Collect all applicable policies
    • Step 3: Run the evaluation logic
  • Evaluation examples
    • Identity policies to allow access
    • Resource policy to deny access
    • Using conditions
    • Restricted resources
  • How to secure an AWS account
    • Security as an AWS administrator
    • Security as a developer
  • Conclusion
  • Glossary
  • About the author
  • Changelog
  • Copyright

Buying options

A Practical Guide to AWS IAM

Book cover
  • Lifetime access to the book
  • All future updates
  • Web, PDF, and Epub versions
Buy for $49.95

Books & Courses package

Need a team license? Send an email to tamas.sallai@advancedweb.hu and we'll figure something out.