4 Policies and procedures for secure access

This chapter covers

Creating best practices to improve and evaluate your IAM configuration
Applying least privilege access control to reduce risk in the event of an attack
Evaluating credential expiration times to balance security and convenience
Reviewing IAM resources periodically to ensure your configuration is secure

As we saw in chapters 2 and 3, there are multiple ways to do the same thing in IAM. You can grant permissions directly to a user or have them applied through a group. You can write a policy inline on the user, or you can attach a managed policy. The last chapter explained how to do all of these things, but it didn’t explain when to do them. I wish I could say this chapter had the ...

Get AWS Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

AWS Security by Dylan Shields

4 Policies and procedures for secure access

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly