AWS Security Notes - gecko-8/devwiki Wiki


IAM Users

  • Used to access AWS resources from outside AWS.
  • Use policies to determine access.

Password User

  • Used to log into the AWS Console itself.

Programmatic User

  • Used to give code running outside AWS access to AWS resources.

IAM Roles

  • Used by AWS resources to access other AWS resources that don't live within a VPC/subnet environment.
  • Use policies to determine access.

Policies

  • Groupings of access rules attached to users or roles.

Security Groups

  • A firewall used to limit access to groups of resources within a VPC.
  • Resources from any subnet/AZ can be in the same security group.
  • Stateful firewall, so you only need to set a single rule for a request (the response traffic is allowed automatically).
  • Rules can target an IP address or another security group (to allow access from all resources in that group).

Network ACL

  • A subnet level firewall used to limit access into and out of a subnet.
  • Stateless firewall, so you need to set two rules for each request (one for the request and one for the response).
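The stateful/stateless difference between the Security Groups and Network ACL notes above, shown as an added toy model (not AWS code; the rule and packet formats, the "sg-web" group id and the 203.0.113.10 / 10.0.1.5 addresses are all constructed for this example). It evaluates an HTTPS request and its reply against one inbound rule: the stateful evaluator passes the reply via connection tracking, while the stateless one drops it until an outbound rule for the ephemeral port range is added.

```python
import ipaddress
from dataclasses import dataclass

EPHEMERAL = (1024, 65535)   # ports a client uses for its side of a TCP connection

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" (into the subnet/instance) or "out" (leaving it)
    ports: tuple     # inclusive (low, high) destination-port range
    peer: str        # CIDR, or a security-group id like "sg-web" (SG rules only)

@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    sport: int
    dport: int
    src_sg: str = ""   # security group of the sender, if it has one

def matches(rule, pkt):
    """A rule applies when direction, destination port and remote peer all match."""
    if rule.direction != pkt.direction or not rule.ports[0] <= pkt.dport <= rule.ports[1]:
        return False
    if rule.peer.startswith("sg-"):
        return pkt.src_sg == rule.peer    # allow every resource in that group
    remote = pkt.src if pkt.direction == "in" else pkt.dst
    return ipaddress.ip_address(remote) in ipaddress.ip_network(rule.peer)

def security_group_allows(rules, flow):
    """Stateful: a reply to an already-accepted packet passes with no rule of its own."""
    tracked, verdicts = set(), []
    for pkt in flow:
        conn = frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})  # same key both ways
        ok = conn in tracked or any(matches(r, pkt) for r in rules)
        if ok:
            tracked.add(conn)
        verdicts.append(ok)
    return verdicts

def network_acl_allows(rules, flow):
    """Stateless: every packet, reply included, must match a rule for its own direction."""
    return [any(matches(r, pkt) for r in rules) for pkt in flow]

# Constructed sample flow: an HTTPS request from the internet and its reply.
CLIENT, SERVER = "203.0.113.10", "10.0.1.5"
FLOW = [Packet("in", CLIENT, SERVER, sport=50000, dport=443),
        Packet("out", SERVER, CLIENT, sport=443, dport=50000)]
HTTPS_IN = Rule("in", (443, 443), "0.0.0.0/0")
RETURN_OUT = Rule("out", EPHEMERAL, "0.0.0.0/0")   # the extra rule a NACL needs
```

`security_group_allows([HTTPS_IN], FLOW)` returns `[True, True]`, `network_acl_allows([HTTPS_IN], FLOW)` returns `[True, False]`, and adding `RETURN_OUT` to the NACL rules makes the reply pass.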