You're reading from Implementing Identity Management on AWS A real-world guide to solving customer and workforce IAM challenges in your AWS cloud environments

Product type Paperback

Published in Oct 2021

Publisher Packt

ISBN-13 9781800562288

Length 504 pages

Edition 1st Edition

Tools

AWS

Concepts

Identity Management

Author (1):

Jon Lehtinen

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools

2. Chapter 1: An Introduction to IAM and AWS IAM Concepts FREE CHAPTER

3. Chapter 2: An Introduction to the AWS CLI

4. Chapter 3: IAM User Management

5. Chapter 4: Access Management, Policies, and Permissions

6. Chapter 5: Introducing Amazon Cognito

7. Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On

8. Chapter 7: Other AWS Identity Services

9. Section 2: Implementing IAM on AWS for Administrative Use Cases

10. Chapter 8: An Ounce of Prevention – Planning Your Administrative Model

11. Chapter 9: Bringing Your Admins into the AWS Administrative Backplane

12. Chapter 10: Administrative Single Sign-On to the AWS Backplane

13. Section 3: Implementing IAM on AWS for Application Use Cases

14. Chapter 11: Bringing Your Users into AWS

15. Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider

16. Other Books You May Enjoy

Managing and securing root IAM user accounts

IAM user accounts are the basic units of accountability when a principal authenticates itself directly through AWS IAM, thus ensuring that those accounts are hardened is foundational to the security of the entire AWS account. However, before we begin on general account management and security, we need to address some peculiarities and best practices of a unique account type.

Differences between root user account and IAM user accounts

We've heard that repetition is key to learning. In both Chapter 1, An Introduction to IAM and AWS IAM Concepts, and Chapter 2, An Introduction to the AWS CLI, we created IAM users using both the AWS Management Console and the AWS CLI. The IAM users that were created were no less capable of doing anything inside of the AWS account by dint of them being members of the Full Administrators group. However, this still was an example of an AWS IAM security best practice. The AWS root account should not be...