A Practical Guide to AWS IAM by Tamás Sallai_468 x 60 .png

This course is about how AWS IAM works and how to write policies to control access in an AWS account. In this course, you will learn how AWS APIs work, explore different parts of the requests made to the APIs and elaborates on how access is determined. Additionally, you will dive into how to configure access inside AWS by describing the policy structure and the 5 policy types AWS supports.

Further, you will become familiar with how the elements in the request and the policies fit together. You will also determine whether the operation is allowed or denied by demonstrating through several step-by-step realistic examples that show exactly how IAM evaluates access, thus providing templates for how to apply these protections to AWS environments.

Lastly, this course offers you some practical tips on how to secure an account both as an administrator and as a developer. It explains the best practices and the usual pitfalls of AWS security.

AWS Security Fundamentals: A Practical Guide to AWS IAM

Now that we know the steps IAM takes to allow or deny a request, let's see a few examples. We'll use the steps defined in the [Evaluation flow](https://www.educative.io/courses/aws-security-iam/evaluation-flow) lesson.

We'll use increasingly complicated examples as you’ll see. In each example, we'll see the identities, resources, and policies in the account. We'll then build the request context with the values applicable to each scenario. The next step is to evaluate the filters against the request. And finally, we'll run the policy evaluation logic to see the final decision.

> **Note:** IAM provides a Policy Simulator tool, but in our experience, it's hardly usable. Its results do not match the actual calls and it also does not provide help with the values of the context keys.

## Identity IAM policies to allow access

Let's start with a simple example. A user has a policy that allows access to an object in an S3 bucket:

Now that we know the steps IAM takes to allow or deny a request, let's see a few examples. We'll use the steps defined in the [Evaluation flow](https://www.educative.io/courses/aws-security-iam/evaluation-flow) lesson.

We'll use increasingly complicated examples as you’ll see. In each example, we'll see the identities, resources, and policies in the account. We'll then build the request context with the values applicable to each scenario. The next step is to evaluate the filters against the request. And finally, we'll run the policy evaluation logic to see the final decision.

> **Note:** IAM provides a Policy Simulator tool, but in our experience, it's hardly usable. Its results do not match the actual calls and it also does not provide help with the values of the context keys.

# Identity IAM policies to allow access

Let's start with a simple example. A user has a policy that allows access to an object in an S3 bucket:

Take a look at an example of how to use Identity IAM policies to allow access.

Introduction

Access Control Basics

User Management using IAM

IAM Policies

Request Evaluation Flow and Examples

Role Management Using Identity and Access Management (IAM)

How to Secure an AWS Account

Conclusion

Appendix

Allow access

Identity IAM policies to allow access