These are my notes for my exam prep and may not contain all the important aspects.
I am keeping notes for the areas that I find important and worthwhile remembering, so this is by no means a complete recap of the lessons.
Source: Stephane Maarek, Udemy
Regions
Regions > Availability Zones
North America > US East 1 for example
Users
Groups
Roles
Root has all the power
Users: physical user: you, me
Group: Users grouped together, admin, devops, finance, engineer, design etc
Role: Internal usage within AWS resources, those are for machines
Policies: JSON docs that define what those things can/cannot do
IAM is global, not region specific
Can support Multi Factor Auth
You can use pre-defined policies
Least privilege! All the time!
IAM Federation
IAM Dump
1 Person = 1 IAM User, not shared
1 App = 1 Role, not shared (this EC2 belongs to BackEnd Java Spring Server, Prod)
Never write IAM Credentials in Code, duh
Never use ROOT anymore, just create User and let user deal with it