
1. Audit user account access
1.1. Benefits
1.1.1. Untitled
1.2. CloudTrail
1.2.1. information
1.2.1.1. Untitled
1.2.2. use cases
1.2.2.1. Untitled
1.2.3. Event examples
1.2.3.1. Untitled
1.3. Access advisor
1.3.1. Untitled
1.4. Credential report
1.4.1. Untitled
1.5. AWS trusted advisor
1.6. AWS inspector
2. IAM groups
2.1. Benefits
2.2. Why can't groups be nested?
3. IAM users
3.1. Password policies
3.2. Access keys
3.3. Multi-factor authentication
3.4. Permissions
3.5. IAM users and groups best practices
3.5.1. Untitled
3.5.2. Untitled
4. team work
4.1. Splunk AWS
4.2. Splunk Dashboard
5. Challenging part
5.1. Finish within 3 months
5.2. Untitled
6. like most
6.1. Comprehensive documentation
7. importance
7.1. one AWS account vs multiple AWS accounts
7.1.1. Untitled
7.2. New services and APIs are introduced on a regular basis
8. Roles
8.1. Benefits
8.1.1. Untitled
8.2. Type
8.2.1. AWS service roles
8.2.2. Role for cross-account access
8.2.3. Role for identity provider access
8.3. Fundamentals
8.3.1. Delegation
8.3.2. Federation
8.3.3. Policy
8.3.3.1. Permissions policy
8.3.3.1.1. What actions and resources a user can use
8.3.3.2. Trust policy
8.3.3.2.1. Who can assume the role
8.3.4. Cross-account access
8.4. IAM users vs federated users
8.4.1. Untitled
8.5. use case examples
8.5.1. roles for cross-account access, delegation and federation
8.5.2. temporary credentials
8.5.2.1. process
8.5.2.1.1. an IAM user who switches to a role temporarily uses the permissions of the role in the console
8.5.2.1.2. When users exit the role, their original permissions are restored
8.5.2.2. don't need to share or maintain long-term security credentials for each entity that needs access to a resource
8.6. switching to a role
8.7. modify a role
8.8. temporary credentials
8.9. Definition
8.9.1. Roles can be assumed by users, web services, or a federated user
8.9.1.1. EC2
8.9.2. Sets of permissions
8.10. two ways to use
8.10.1. Interactively in the IAM console
8.10.2. programmatically with AWS CLI, API
8.11. AWS security token service
9. identity-based vs resource-based permissions
9.1. Untitled
10. best practices
10.1. Untitled
10.2. Use IAM roles to share access
10.2.1. Untitled
10.3. Use IAM roles for Amazon EC2 instances
10.3.1. Untitled
11. Policies
11.1. Policy structure
11.1.1. Statements
11.1.1.1. Sample statements
11.1.1.1.1. Untitled
11.1.1.2. Structure
11.1.1.2.1. Effect
11.1.1.2.2. Actions
11.1.1.2.3. Resources
11.1.1.2.4. Conditions
11.1.2. policy elements
11.1.2.1. Untitled
11.1.3. Sample policies
11.1.3.1. Untitled
11.1.4. Policy evaluation process
11.1.4.1. logical OR applied across multiple statements at evaluation time
11.1.4.2. logical OR applied across multiple policies at evaluation time
11.1.4.3. Untitled
11.2. Create policy
11.2.1. Copy an AWS managed policy
11.2.2. Policy generator
11.2.3. Create your own policy
11.3. Types
11.3.1. inline vs managed policies
11.3.1.1. Untitled
11.3.1.2. Untitled
11.3.2. groups and management policies
11.3.2.1. Untitled
11.3.2.2. Untitled
11.3.3. Managed policies
11.3.3.1. Comparison
11.3.3.1.1. Untitled
11.3.3.2. Customer managed
11.3.3.3. AWS managed
11.3.3.3.1. commonly used job functions in the IT industry
11.3.3.3.2. Make granting permissions for these common job functions easy
11.3.3.3.3. they are maintained and updated by AWS as new services and APIs are introduced
11.3.3.3.4. Read-only
11.3.3.4. Examples
11.3.3.4.1. AdministratorAccess
11.3.3.4.2. PowerUserAccess
11.3.3.4.3. AWSCloudTrailReadOnlyAccess