1. Roles
1.1. Benefits
1.2. Type
1.2.1. AWS service roles
1.2.2. Role for cross-account access
1.2.3. Role for identity provider access
1.3. Fundamentals
1.3.1. Delegation
1.3.2. Federation
1.3.3. Policy
1.3.3.1. Permissions policy
1.3.3.1.1. What actions and resources a user can use
1.3.3.2. Trust policy
1.3.3.2.1. Who can assume the role
1.3.4. Cross-account access
1.4. IAM users vs federated users
1.5. use case examples
1.5.1. roles for cross-account access, delegation and federation
1.5.2. temporary credentials
1.5.2.1. process
1.5.2.1.1. An IAM user switches to a role to temporarily use the permissions of the role in the console
1.5.2.1.2. When users exit the role, their original permissions are restored
1.5.2.2. don't need to share or maintain long-term security credentials for each entity that needs access to a resource
1.6. switching to a role
1.7. modify a role
1.8. temporary credentials
1.9. Def
1.9.1. Roles can be assumed by users, web services, or a federated user
1.9.1.1. EC2
1.9.2. Sets of permissions
1.10. two ways to use
1.10.1. Interactively in the IAM console
1.10.2. programmatically with AWS CLI, API
1.11. AWS Security Token Service
2. identity-based vs resource-based permissions
3. best practices
3.1. Use IAM roles to share access
3.2. Use IAM roles for Amazon EC2 instances
4. Policies
4.1. Policy structure
4.1.1. Statements
4.1.1.1. Sample statements
4.1.1.2. Structure
4.1.1.2.1. Effect
4.1.1.2.2. Actions
4.1.1.2.3. Resources
4.1.1.2.4. Conditions
4.1.2. policy elements
4.1.3. Sample policies
4.1.4. Policy evaluation process
4.1.4.1. logical OR applied across multiple statements at evaluation time
4.1.4.2. logical OR applied across multiple policies at evaluation time
4.2. Create policy
4.2.1. Copy an AWS managed policy
4.2.2. Policy generator
4.2.3. Create your own policy
4.3. Types
4.3.1. inline vs managed policies
4.3.2. groups and management policies
4.3.3. Managed policies
4.3.3.1. Comparison
4.3.3.2. Customer managed
4.3.3.3. AWS managed
4.3.3.3.1. commonly used job functions in the IT industry
4.3.3.3.2. Makes granting permissions for these common job functions easy
4.3.3.3.3. they are maintained and updated by AWS as new services and APIs are introduced
4.3.3.3.4. Read-only
4.3.3.4. Examples
4.3.3.4.1. AdministratorAccess
4.3.3.4.2. PowerUserAccess
4.3.3.4.3. AWSCloudTrailReadOnlyAccess
4.4. Policy versioning
4.5. Policy simulator
5. Audit user account access
5.1. Benefits
5.2. CloudTrail
5.2.1. information
5.2.2. use cases
5.2.3. Event examples
5.3. Access advisor
5.4. Credential report
5.5. AWS Trusted Advisor
5.6. AWS inspector
6. IAM groups
6.1. Benefits
6.2. Why can't groups be nested?
7. IAM users
7.1. Password policies
7.2. Access keys
7.3. Multi-factor authentication
7.4. Permissions
7.5. IAM users and groups best practices
8. team work
8.1. Splunk AWS
8.2. Splunk Dashboard
9. Challenging part
9.1. Finish within 3 months
10. like most
10.1. Comprehensive documentation
11. importance
11.1. one AWS account vs multiple AWS account