AWS Security Notes - gecko-8/devwiki GitHub Wiki
IAM Users
- Used to access AWS resources from outside AWS.
- Use policies to determine access.
Password User
- Used to log into the AWS Console itself.
Programmatic User
- Used to let code running outside AWS access AWS resources.
IAM Roles
- Used by other AWS resources to access AWS resources that don't live within an AWS VPC/subnet environment.
- Use policies to determine access.
Policies
- Groupings of access rules attached to users/roles.
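Added example (not part of the original wiki notes): a Terraform definition of an IAM role that an EC2 instance assumes, with one least-privilege policy attached. The role name, policy name and bucket name are placeholders; the trust policy and the S3 actions are standard AWS identifiers.

```hcl
# Added example, not from the wiki: role + policy + instance profile.
# Trust policy: only the EC2 service may assume this role.
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app" {
  name               = "example-app-role" # placeholder name
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

# Permission policy: list and read one prefix of one bucket, nothing else.
data "aws_iam_policy_document" "app_s3_read" {
  statement {
    sid       = "ListOnlyThePrefix"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-app-bucket"] # placeholder bucket
    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["config/*"]
    }
  }
  statement {
    sid       = "ReadObjectsUnderThePrefix"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-app-bucket/config/*"]
  }
}

resource "aws_iam_policy" "app_s3_read" {
  name   = "example-app-s3-read" # placeholder name
  policy = data.aws_iam_policy_document.app_s3_read.json
}

resource "aws_iam_role_policy_attachment" "app_s3_read" {
  role       = aws_iam_role.app.name
  policy_arn = aws_iam_policy.app_s3_read.arn
}

# The instance profile binds the role to an EC2 instance. The instance then
# obtains short-lived credentials from the instance metadata service, so no
# programmatic user with long-lived access keys has to be created for it.
resource "aws_iam_instance_profile" "app" {
  name = "example-app-profile" # placeholder name
  role = aws_iam_role.app.name
}
```

The contrast with a programmatic user is the credential lifetime: a user's access keys are static until rotated, while the role's credentials expire and are refreshed automatically, which is why roles are preferred for code running inside AWS.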
Security Groups
- A firewall used to limit access to groups of resources within a VPC.
- Resources from any subnet/AZ can be in the same security group.
- Stateful firewall so you only need to set a single rule (response is automatically included).
- Rules can target an IP address or another security group (to allow all resources in that group access).
Network ACL
- A subnet level firewall used to limit access into and out of a subnet.
- Stateless firewall so you need to set two rules for each request (request and response).
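Added example (not part of the original wiki notes) showing the two firewall types side by side in Terraform: a web-tier security group with a single stateful HTTPS ingress rule, an app-tier security group whose rule targets the web group rather than an IP range, and a subnet network ACL where the stateless behaviour forces an explicit outbound rule for reply traffic. The VPC id and subnet id are placeholders.

```hcl
# Added example, not from the wiki. Placeholder network identifiers:
variable "vpc_id"    { default = "vpc-PLACEHOLDER" }
variable "subnet_id" { default = "subnet-PLACEHOLDER" }

resource "aws_security_group" "web" {
  name   = "example-web"
  vpc_id = var.vpc_id
}

# Stateful: this one ingress rule is enough. Replies to accepted HTTPS
# connections are allowed automatically, with no matching egress rule.
resource "aws_vpc_security_group_ingress_rule" "web_https" {
  security_group_id = aws_security_group.web.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}

resource "aws_security_group" "app" {
  name   = "example-app"
  vpc_id = var.vpc_id
}

# Rule targets another security group: any member of "web", in any subnet
# or AZ, may reach port 8080 on members of "app"; nothing else can.
resource "aws_vpc_security_group_ingress_rule" "app_from_web" {
  security_group_id            = aws_security_group.app.id
  referenced_security_group_id = aws_security_group.web.id
  ip_protocol                  = "tcp"
  from_port                    = 8080
  to_port                      = 8080
}

# Terraform strips the default allow-all egress, so the web tier needs an
# explicit egress rule for the connections it initiates to the app tier.
resource "aws_vpc_security_group_egress_rule" "web_to_app" {
  security_group_id            = aws_security_group.web.id
  referenced_security_group_id = aws_security_group.app.id
  ip_protocol                  = "tcp"
  from_port                    = 8080
  to_port                      = 8080
}

# Network ACL on the web subnet. Stateless: the inbound HTTPS rule alone
# lets requests in but drops every reply, so an outbound rule covering the
# clients' ephemeral source ports is required as well.
resource "aws_network_acl" "web_subnet" {
  vpc_id     = var.vpc_id
  subnet_ids = [var.subnet_id]
}

resource "aws_network_acl_rule" "in_https" {
  network_acl_id = aws_network_acl.web_subnet.id
  rule_number    = 100
  egress         = false
  protocol       = "tcp"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
  from_port      = 443
  to_port        = 443
}

resource "aws_network_acl_rule" "out_ephemeral" {
  network_acl_id = aws_network_acl.web_subnet.id
  rule_number    = 100
  egress         = true
  protocol       = "tcp"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
  from_port      = 1024
  to_port        = 65535
}
```

A quick check when a subnet's traffic is mysteriously one-way: security groups almost never cause it, because the reply is tracked; look first at the network ACL for a missing rule in the opposite direction, typically on the ephemeral port range.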