Never share the root account
Policies written in JSON.
Has a global view. Users are global, not per region.
MFA - Multi Factor Authentication can be set up.
Has predefined "managed policies"
Give the minimal amount of permissions needed to perform the job (principle of least privilege)
IAM Federation
Integrate your own repository of users --> users can log in with company credentials
Uses the SAML standard (Active Directory)
Best to do
IAM User per physical person
IAM Role per application
Never share, write in code,
Never use the root account except for setup.