{"id":1759,"date":"2019-08-07T06:10:09","date_gmt":"2019-08-07T06:10:09","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=1759"},"modified":"2020-05-02T06:45:34","modified_gmt":"2020-05-02T06:45:34","slug":"aws-iam","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/","title":{"rendered":"AWS IAM"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Expands to Identity and Access Management<\/li><li>Gives you centralised control of an AWS account<\/li><li>Is global &#8211; there is no concept of regional IAM\nat this time; all users, groups, policies, etc are available in all regions.<\/li><li>Supports Identity Federation which can be used\nfor Single Sign-on i.e. via SAML<\/li><li>Can be used to give temporary access<\/li><li>IAM terms<ul><li>Resources\n&#8211; The user, group, role, policy, and identity provider objects that are stored\nin IAM. You can add, edit, and remove resources from IAM.<\/li><\/ul><ul><li>Identities\n&#8211; The IAM resource objects that are used to identify and group. Attach a policy\nto an IAM identity. These include users, groups, and roles.<\/li><\/ul><ul><li>Entities\n&#8211; The IAM resource objects that AWS uses for authentication and include users\nand roles. Roles can be assumed by IAM users and roles in your or another\naccount. 
They can also be assumed by users federated through a web identity or\nSAML.<\/li><\/ul><ul><li>Principals\n&#8211; A person or application that uses the AWS account root user, an IAM user, or\nan IAM role to sign in and make requests to AWS.<\/li><\/ul><\/li><li>Terms used<ul><li>User\n\u2014 an end user (like\u2026a person)<\/li><\/ul><ul><li>Groups\n\u2014 a collection of users under one set of permissions<\/li><\/ul><ul><li>Policies\n\u2014 a document that defines permissions (which you assign to users, groups, and\nroles)<\/li><\/ul><ul><li>Roles\n\u2014 this has nothing to do with the users in your account. Roles are for granting\npermissions to resources, like an EC2 instance (it can do other cool stuff too)<\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"451\" height=\"400\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image039-451x400.png\" alt=\"\" class=\"wp-image-1766\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image039-451x400.png 451w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image039.png 800w\" sizes=\"auto, (max-width: 451px) 100vw, 451px\" \/><\/figure>\n\n\n\n<p><strong>Default limits for IAM entities:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td>Resource<\/td><td>Default Limit<\/td><\/tr><\/thead><tbody><tr><td>Customer managed policies in an AWS account<\/td><td>1500<\/td><\/tr><tr><td>Groups in an AWS account<\/td><td>300<\/td><\/tr><tr><td>Roles in an AWS account   <\/td><td>1000   <\/td><\/tr><tr><td>Managed policies attached to an IAM role   <\/td><td>10   <\/td><\/tr><tr><td>Managed policies attached to an IAM user   <\/td><td>10   <\/td><\/tr><tr><td>Virtual MFA devices (assigned or unassigned) in an AWS account   <\/td><td>Equal to the user quota for the account   <\/td><\/tr><tr><td>Instance profiles in an AWS 
account<\/td><td>1000<\/td><\/tr><tr><td>Server certificates stored in an AWS account   <\/td><td>20   <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Limits for IAM entities:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td>Resource<\/td><td>Limit<\/td><\/tr><\/thead><tbody><tr><td>Access keys assigned to an IAM user   <\/td><td>2<\/td><\/tr><tr><td>Access keys assigned to the AWS account root user<\/td><td>2<\/td><\/tr><tr><td>Aliases for an AWS account<\/td><td>1<\/td><\/tr><tr><td>Groups an IAM user can be a member of<\/td><td>10<\/td><\/tr><tr><td>IAM users in a group<\/td><td>Equal to the user quota for the account<\/td><\/tr><tr><td>Users in an AWS account<\/td><td>5000 (If you need to add a large number of users,   consider using temporary security credentials.)<\/td><\/tr><tr><td>Identity providers (IdPs) associated with an IAM SAML   provider object<\/td><td>10<\/td><\/tr><tr><td>Keys per SAML provider<\/td><td>10<\/td><\/tr><tr><td>Login profiles for an IAM user<\/td><td>1<\/td><\/tr><tr><td>Managed policies attached to an IAM group<\/td><td>10<\/td><\/tr><tr><td>Permissions boundaries for an IAM user<\/td><td>1<\/td><\/tr><tr><td>Permissions boundaries for an IAM role<\/td><td>1<\/td><\/tr><tr><td>MFA devices in use by an IAM user<\/td><td>1<\/td><\/tr><tr><td>MFA devices in use by the AWS account root user<\/td><td>1<\/td><\/tr><tr><td>Roles in an instance profile<\/td><td>1<\/td><\/tr><tr><td>SAML providers in an AWS account<\/td><td>100<\/td><\/tr><tr><td>Signing certificates assigned to an IAM user<\/td><td>2<\/td><\/tr><tr><td>SSH public keys assigned to an IAM user<\/td><td>5<\/td><\/tr><tr><td>Tags that can be attached to an IAM role<\/td><td>50<\/td><\/tr><tr><td>Tags that can be attached to an IAM user<\/td><td>50<\/td><\/tr><tr><td>Versions of a managed policy that can be stored<\/td><td>5<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The following are the maximum lengths for 
entities:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Description<\/strong><\/td><td><strong>Limit<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Path<\/td><td>512 characters<\/td><\/tr><tr><td>User name<\/td><td>64 characters<\/td><\/tr><tr><td>Group name<\/td><td>128 characters<\/td><\/tr><tr><td>Role name<\/td><td>64 characters<\/td><\/tr><tr><td>Tag key<\/td><td>128 characters<\/td><\/tr><tr><td>Tag value<\/td><td>256 characters. Tag values can be empty.<\/td><\/tr><tr><td>Instance profile name<\/td><td>128 characters<\/td><\/tr><tr><td>Unique IDs created by IAM<\/td><td>128 characters<\/td><\/tr><tr><td>Policy name<\/td><td>128 characters<\/td><\/tr><tr><td>Password for a login profile<\/td><td>1 to 128 characters<\/td><\/tr><tr><td>Alias for an AWS account ID<\/td><td>3 to 63 characters<\/td><\/tr><tr><td>Role trust policy JSON text (the policy that determines who is allowed to assume the role)<\/td><td>2,048 characters<\/td><\/tr><tr><td>Role session name<\/td><td>64 characters<\/td><\/tr><tr><td>Role session duration<\/td><td>12 hours. When you assume a role from the AWS CLI or API, you can use the <code>duration-seconds<\/code> CLI parameter or the <code>DurationSeconds<\/code> API parameter to request a longer role session. You can specify a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role, which can range from 1 hour to 12 hours.<\/td><\/tr><tr><td>For inline policies<\/td><td>The total aggregate policy size (the sum size of all inline policies) per entity cannot exceed the following limits: user policy size cannot exceed 2,048 characters; role policy size cannot exceed 10,240 characters; group policy size cannot exceed 5,120 characters.<\/td><\/tr><tr><td>For managed policies<\/td><td>You can add up to 10 managed policies to an IAM user, role, or group. 
The size of each managed policy cannot exceed 6,144 characters.&nbsp;<\/td><\/tr><tr><td>For session policies<\/td><td>You can pass only one JSON policy as a parameter when you programmatically create a temporary session for a role or federated user. The size of each managed policy cannot exceed 2,048 characters.    <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Expands to Identity and Access Management Gives you centralised control of an AWS account Is global &#8211; there is no concept of regional IAM at this time; all users, groups, policies, etc are available in all regions. Supports Identity Federation which can be used for Single Sign-on i.e. via SAML Can be used to give&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":383,"menu_order":39,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,303],"class_list":["post-1759","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-aws-iam"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>AWS IAM - Testprep Training Tutorials<\/title>\n<meta name=\"description\" content=\"Expands to Identity and Access Management\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AWS IAM - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"Expands to Identity and Access Management\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-02T06:45:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image039-451x400.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/\",\"name\":\"AWS IAM - Testprep Training Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-07T06:10:09+00:00\",\"dateModified\":\"2020-05-02T06:45:34+00:00\",\"description\":\"Expands to Identity and Access Management\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified SysOps Administrator &#8211; Associate 
(SOA-C01)\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"AWS IAM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"AWS IAM - Testprep Training Tutorials","description":"Expands to Identity and Access Management","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/","og_locale":"en_US","og_type":"article","og_title":"AWS IAM - Testprep Training Tutorials","og_description":"Expands to Identity and Access Management","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-02T06:45:34+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image039-451x400.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/","name":"AWS IAM - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-08-07T06:10:09+00:00","dateModified":"2020-05-02T06:45:34+00:00","description":"Expands to Identity and Access 
Management","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/aws-iam\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified SysOps Administrator &#8211; Associate (SOA-C01)","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-sysops-administrator-associate\/"},{"@type":"ListItem","position":3,"name":"AWS IAM"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep 
Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/1759","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=1759"}],"version-history":[{"count":6,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/1759\/revisions"}],"predecessor-version":[{"id":5240,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/1759\/revisions\/5240"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/383"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=1759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=1759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=1759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}