Glossary
Explore critical AWS IAM and security vocabulary to build your foundational knowledge. This lesson covers key concepts such as APIs, IAM policies, roles, users, attribute-based access control, and the shared responsibility model. Gain clarity on terms that underpin AWS account security and access management, helping you write better policies and secure your AWS environment effectively.
We'll cover the following...
- API
- ARN
- AWS Organizations
- Access Key ID/Secret Access Key
- Attribute-Based Access Control (ABAC)
- Blast radius
- IAM
- IAM policy
- IAM role
- IAM user
- Identity-based policy
- Least privilege
- Principal
- Request context
- Resource-based policy
- Role-Based Access Control (RBAC)
- Service Control Policy (SCP)
- Shared responsibility model
API
Application Programming Interface, a set of operations that a system makes available for other systems. AWS offers a set of APIs to allow creating and managing resources inside an account.
ARN
Amazon Resource Name, a globally unique identifier for resources inside AWS. See more in the Resource lesson.
AWS Organizations
A service that manages member accounts under a management account. It makes it easy to create isolated accounts for applications. It also allows attaching Service Control Policies (SCPs), which are the only permission type that restricts access from outside the account.
Access Key ID/Secret Access Key
These values identify the principal who is making a request to an AWS API. They are used to sign each request made to the API. If these keys are leaked, an attacker can send requests in the name of the principal.
Attribute-Based Access Control (ABAC)
A permission strategy where ...