"acm:GetCertificate", "acm:List*", "apigateway:GET", "appstream:Get*", "autoscaling:Describe*", "aws-marketplace:ViewSubscriptions", "cloudformation:Describe*", ... A core AWS security service. Defines administrative profiles. Who can do what on the AWS console or by the additional management tools.
141 • Access to specific services. • Access to console and/or APIs. • Access to Customer Support (Business and Enterprise). IAM Users, Groups and Roles • Access to all subscribed services. • Access to billing. • Access to console and APIs. • Access to Customer Support. Account Owner ID (Root Account) AWS Principals • Access to specific services. • Access to console and/or APIs. Temporary Security Credentials
142 IAM Root Account Best Practices • 1 st account created (email + password) • D o not use the root user for your everyday tasks • Securely lock away the root user credentials – Delete any programmatic keys – Enable MFA on Root Account – Change the Root password to a strong password https:// docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html