{"id":3083,"date":"2019-08-31T11:46:11","date_gmt":"2019-08-31T11:46:11","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=3083"},"modified":"2020-05-01T11:35:35","modified_gmt":"2020-05-01T11:35:35","slug":"aws-iam-2","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/aws-iam-2\/","title":{"rendered":"AWS IAM"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>IAM stands for Identity and Access Management<\/li><li>IAM provides a one-stop platform for controlling an AWS account<\/li><li>IAM is global rather than regional: users, groups and policies defined in IAM are accessible across regions<\/li><li>SSO can be implemented through identity federation using SAML<\/li><li>IAM has provision for temporary access<\/li><li>Important IAM terms\n<ul>\n<li>Resources \u2013 Objects stored in IAM are resources. They can be added, edited or removed as needed. Resources include\n<ul>\n<li>User<\/li>\n<li>Group<\/li>\n<li>Role<\/li>\n<li>Policy<\/li>\n<li>Identity provider<\/li>\n<\/ul>\n<\/li>\n<li>Identities \u2013 References to IAM resources, used for identification or grouping of IAM resources. A policy association is needed for an IAM identity. Identities include\n<ul>\n<li>Users<\/li>\n<li>Groups<\/li>\n<li>Roles<\/li>\n<\/ul>\n<\/li>\n<li>Entities &#8211; IAM resources used for authentication. Entities include\n<ul>\n<li>Users<\/li>\n<li>Roles &#8211; can be assumed by IAM users, by users in another account, or by users federated through web identity or SAML<\/li>\n<\/ul>\n<\/li>\n<li>Principals \u2013 refer to\n<ul>\n<li>A person or application using the AWS account as the root user<\/li>\n<li>An IAM user<\/li>\n<li>An IAM role that can sign in or make requests to AWS<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li><li>Terms used\n<ul>\n<li>User \u2014 an end user (such as a person)<\/li>\n<li>Groups \u2014 a set of users linked to specific permissions<\/li>\n<li>Policies \u2014 a document that defines permissions (which you assign to users, groups, and roles)<\/li>\n<li>Roles \u2014 these have nothing to do with the users in the account. Roles are for granting permissions to resources, like an EC2 instance (they can do other cool stuff too)<\/li>\n<\/ul>\n<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"451\" height=\"400\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-164-451x400.png\" alt=\"\" class=\"wp-image-3771\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-164-451x400.png 451w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-164.png 624w\" sizes=\"auto, (max-width: 451px) 100vw, 451px\" \/><\/figure><\/div>\n\n\n\n<p><strong>Default limits for IAM entities:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td>Resource<\/td><td>Default Limit<\/td><\/tr><\/thead><tbody><tr><td>Customer managed policies in an AWS account<\/td><td>1500<\/td><\/tr><tr><td>Groups in an AWS account<\/td><td>300<\/td><\/tr><tr><td>Roles in an AWS account<\/td><td>1000<\/td><\/tr><tr><td>Managed policies attached to an IAM role<\/td><td>10<\/td><\/tr><tr><td>Managed policies attached to an IAM
user<\/td><td>10<\/td><\/tr><tr><td>Virtual MFA devices (assigned or unassigned) in an AWS account<\/td><td>Equal to the user quota for the account<\/td><\/tr><tr><td>Instance profiles in an AWS account<\/td><td>1000<\/td><\/tr><tr><td>Server certificates stored in an AWS account<\/td><td>20<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Limits for IAM entities:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td>Resource<\/td><td>Limit<\/td><\/tr><\/thead><tbody><tr><td>Access keys assigned to an IAM user<\/td><td>2<\/td><\/tr><tr><td>Access keys assigned to the root user of the AWS account<\/td><td>2<\/td><\/tr><tr><td>Aliases for an AWS account<\/td><td>1<\/td><\/tr><tr><td>Groups an IAM user can be a member of<\/td><td>10<\/td><\/tr><tr><td>IAM users in an IAM group<\/td><td>Equal to the user quota for the AWS account<\/td><\/tr><tr><td>Users in an AWS account<\/td><td>5000 (To add more users, use temporary security credentials.)<\/td><\/tr><tr><td>Identity providers (IdPs) linked to an IAM SAML provider object<\/td><td>10<\/td><\/tr><tr><td>Keys per SAML provider<\/td><td>10<\/td><\/tr><tr><td>Login profiles for an IAM user<\/td><td>1<\/td><\/tr><tr><td>Managed policies attached to an IAM group<\/td><td>10<\/td><\/tr><tr><td>Permissions boundaries for an IAM user<\/td><td>1<\/td><\/tr><tr><td>MFA devices in use by an IAM user<\/td><td>1<\/td><\/tr><tr><td>MFA devices in use by the root user<\/td><td>1<\/td><\/tr><tr><td>Roles in an instance profile<\/td><td>1<\/td><\/tr><tr><td>SAML providers in a single AWS account<\/td><td>100<\/td><\/tr><tr><td>Signing certificates linked to an IAM user<\/td><td>2<\/td><\/tr><tr><td>SSH public keys linked to an IAM user<\/td><td>5<\/td><\/tr><tr><td>Tags that can be attached to an IAM role<\/td><td>50<\/td><\/tr><tr><td>Tags that can be attached to an IAM user<\/td><td>50<\/td><\/tr><tr><td>Versions of a managed policy that can be stored<\/td><td>5<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The following are the maximum lengths for entities:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td>Description<\/td><td>Limit<\/td><\/tr><\/thead><tbody><tr><td>Path<\/td><td>512 characters<\/td><\/tr><tr><td>User name<\/td><td>64 characters<\/td><\/tr><tr><td>Group name<\/td><td>128 characters<\/td><\/tr><tr><td>Role name<\/td><td>64 characters<\/td><\/tr><tr><td>Tag key<\/td><td>128 characters<\/td><\/tr><tr><td>Tag value<\/td><td>256 characters. Tag values can be empty.<\/td><\/tr><tr><td>Instance profile name<\/td><td>128 characters<\/td><\/tr><tr><td>Unique IDs created by IAM<\/td><td>128 characters<\/td><\/tr><tr><td>Policy name<\/td><td>128 characters<\/td><\/tr><tr><td>Password for a login profile<\/td><td>1 to 128 characters<\/td><\/tr><tr><td>AWS account ID alias<\/td><td>3 to 63 characters<\/td><\/tr><tr><td>JSON text in a role trust policy<\/td><td>2,048 characters<\/td><\/tr><tr><td>Role session name<\/td><td>64 characters<\/td><\/tr><tr><td>Role session duration<\/td><td>12 hours<\/td><\/tr><tr><td>Inline policies<\/td><td>Total size of all inline policies per entity, by type: user policy &#8211; 2,048 characters; role policy &#8211; 10,240 characters; group policy &#8211; 5,120 characters<\/td><\/tr><tr><td>Managed policies<\/td><td>Maximum 10 per IAM user, role, or group.
Maximum size of each policy &#8211; 6,144 characters.<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Expands to Identity and Access Management IAM provides a one-stop platform for control of AWS account It has a global perspective and implementation as users, groups, policies under IAM are accessible across regions and not regional IAM SSO can be implemented under Identity Federation by SAML Has provision for temporary access IAM important terms Resources&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2474,"menu_order":37,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,303],"class_list":["post-3083","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-aws-iam"],"acf":[]}