"acm:GetCertificate",
"acm:List*",
"apigateway:GET",
"appstream:Get*",
"autoscaling:Describe*",
"aws-marketplace:ViewSubscriptions",
"cloudformation:Describe*",
...
A core AWS security service.
Defines administrative profiles.
Controls who can do what on the AWS console or through the additional management tools.

AWS Principals

IAM Users, Groups and Roles
• Access to specific services.
• Access to console and/or APIs.
• Access to Customer Support (Business and Enterprise).

Account Owner ID (Root Account)
• Access to all subscribed services.
• Access to billing.
• Access to console and APIs.
• Access to Customer Support.

Temporary Security Credentials
• Access to specific services.
• Access to console and/or APIs.

IAM Root Account Best Practices
• 1st account created (email + password)
• Do not use the root user for your everyday tasks
• Securely lock away the root user credentials
  – Delete any programmatic keys
  – Enable MFA on Root Account
  – Change the Root password to a strong password
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
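One way to check the root account against the practices listed above, added here as an example and not taken from the slides or from AWS: it audits the `<root_account>` row of an IAM credential report. The sample report, the account ID, the `audit_root` name and the 90-day threshold are constructed assumptions; the report does not expose password strength, so that item is not checked.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2024-05-30T09:12:44+00:00,false,true,2024-05-29T17:03:10+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2024-05-31T08:00:00+00:00,true,false,N/A,false,N/A
"""

USE_COLUMNS = ("password_last_used", "access_key_1_last_used_date",
               "access_key_2_last_used_date")


def _parse_ts(value):
    """Return an aware datetime, or None for N/A / no_information values."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_root(report_csv, now, idle_days=90):
    """Return findings for the <root_account> row (idle_days is an assumed threshold)."""
    rows = {r["user"]: r for r in csv.DictReader(io.StringIO(report_csv))}
    root = rows.get("<root_account>")
    if root is None:
        raise ValueError("credential report has no <root_account> row")
    findings = []
    # "Enable MFA on Root Account"
    if root["mfa_active"] != "true":
        findings.append("MFA is not enabled on the root account")
    # "Delete any programmatic keys"
    for n in ("1", "2"):
        if root[f"access_key_{n}_active"] == "true":
            findings.append(f"root access key {n} is active: delete it")
    # "Do not use the root user for your everyday tasks": flag recent use.
    used = [_parse_ts(root[c]) for c in USE_COLUMNS]
    recent = [t for t in used if t and now - t < timedelta(days=idle_days)]
    if recent:
        findings.append(f"root credentials used on {max(recent).date()}, "
                        f"within the last {idle_days} days")
    return findings


if __name__ == "__main__":
    for finding in audit_root(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print("FINDING:", finding)
```

On a live account the CSV would come from `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is base64-encoded.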
