In Chapter 1, Introduction to Cloud Security, we read about the AAA model of security, where we saw that authentication and authorization are very critical points. In cloud, we defined the two parts, authentication and authorization, using IAM.
In AWS, when we subscribe the services, we actually create a root account, which is single sign in for all the services.
In single sign in, we enter our user credentials once and we can move through all the connected applications without being prompted for user credentials.It's always advisable to not access the AWS Console using the root account, and also make sure that you have enabled multi-factor authentication (MFA).
- Users and groups
- Roles and policies
- WAF and Shield