AWS IAM - Certified Solutions Architect Exam Guide

Key IAM Concepts for the Exam

IAM Users and Groups

• Users: Individual identities with specific permissions to access AWS resources.
• Groups: Collections of IAM users that share the same permissions. Users inherit the permissions assigned to the group.

IAM Roles

Roles are used to delegate permissions to trusted entities, such as AWS services, users, or applications. Roles do not have long-term credentials; instead, they are used to assume temporary credentials.

IAM Policies

• Managed Policies: AWS provides pre-built policies that can be attached to users, groups, or roles.
• Inline Policies: Policies that are directly embedded into a user, group, or role.
• Custom Policies: JSON-based policies that define granular permissions based on actions, resources, and conditions.

Security Best Practices

• Least Privilege Principle: Assign the minimum permissions necessary for users or services to perform their tasks.
• Multi-Factor Authentication (MFA): Enforce MFA for root accounts and sensitive operations.
• Password Policies: Set password complexity requirements, expiration periods, and enforce the use of strong passwords.

Cross-Account Access

Use IAM roles to allow users from one AWS account to access resources in another account securely.

Federation and Identity Providers

• Federation: Integrate with external identity providers (like SAML or OIDC) to grant users from those providers access to AWS resources.
• Web Identity Federation: Used for applications like mobile or web apps to authenticate users via social identity providers (e.g., Google, Facebook).

Service-Linked Roles

Roles that are predefined by AWS services to allow them to perform actions on your behalf. These roles are managed entirely by the service, reducing the complexity of managing permissions.

Resource-Based Policies

Unlike user-based policies, resource-based policies are attached directly to AWS resources like S3 buckets, SNS topics, or SQS queues, defining who can access those resources and what actions they can perform.

Exam Tips

• Understand the JSON structure of IAM policies, including elements like Effect, Action, Resource, and Condition.
• Be familiar with common use cases for IAM, such as setting up cross-account roles, creating least-privilege policies, and implementing MFA.
• Know how to configure federated access and how IAM integrates with other AWS services for authentication and authorization.
• Scenarios on the exam may require you to identify the correct IAM setup for a given use case, so practice interpreting and creating policies.