|
| 1 | +# Topic 1: Identity and Access Management (IAM) |
| 2 | + |
| 3 | +Identity and Access Management (IAM) is your frontline defense for controlling who can access your cloud environment and what they can do once they're in. Before you secure your Journal API, you need to understand IAM fundamentals. |
| 4 | + |
| 5 | +## Learning Objectives |
| 6 | + |
| 7 | +By the end of this topic, you will understand: |
| 8 | + |
| 9 | +- IAM concepts: users, groups, roles, and policies |
| 10 | +- The principle of least privilege and how to apply it |
| 11 | +- Service accounts and workload identity |
| 12 | +- Multi-factor authentication (MFA) and when to use it |
| 13 | +- Common IAM security mistakes and how to avoid them |
| 14 | + |
| 15 | +## Core Learning Resources |
| 16 | + |
| 17 | +### 1. Read: IAM Fundamentals |
| 18 | +Start with your cloud provider's IAM documentation: |
| 19 | + |
| 20 | +**AWS**: [IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) - Read sections 1-3 |
| 21 | +**Azure**: [Azure RBAC Documentation](https://learn.microsoft.com/en-us/azure/role-based-access-control/overview) - Read overview and concepts |
| 22 | +**GCP**: [IAM Overview](https://cloud.google.com/iam/docs/overview) - Read concepts and best practices |
| 23 | + |
| 24 | +### 2. Watch: IAM in Action |
| 25 | +- [AWS IAM Tutorial](https://www.youtube.com/watch?v=Ul6FW4UANGc) (30 minutes) |
| 26 | +- [Azure RBAC Explained](https://www.youtube.com/watch?v=C7hJ3oGHrhM) (25 minutes) |
| 27 | +- [GCP IAM Deep Dive](https://www.youtube.com/watch?v=96HlT4f2AUU) (40 minutes) |
| 28 | + |
| 29 | +### 3. Learn: Security Best Practices |
| 30 | +Read these essential security guides: |
| 31 | +- [OWASP Cloud Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cloud_Security_Cheat_Sheet.html) |
| 32 | +- [CIS Cloud Security Controls](https://www.cisecurity.org/controls/cloud-security-controls) |
| 33 | + |
| 34 | +## Key Concepts to Master |
| 35 | + |
| 36 | +### IAM Components |
| 37 | +- **Users**: Individual people or applications |
| 38 | +- **Groups**: Collections of users with similar permissions |
| 39 | +- **Roles**: Set of permissions that can be assumed |
| 40 | +- **Policies**: Documents that define permissions |
| 41 | + |
| 42 | +### Principle of Least Privilege |
| 43 | +Give users and services only the minimum permissions needed to do their job. This reduces the impact if credentials are compromised. |
| 44 | + |
| 45 | +### Service Accounts vs User Accounts |
| 46 | +- **User accounts**: For people who need to access resources |
| 47 | +- **Service accounts**: For applications and services to access resources |
| 48 | + |
| 49 | +### Authentication vs Authorization |
| 50 | +- **Authentication**: Who are you? (login, MFA) |
| 51 | +- **Authorization**: What can you do? (permissions, policies) |
| 52 | + |
| 53 | +## Test Your Knowledge |
| 54 | + |
| 55 | +Use an AI assistant to test your understanding. Here are example prompts: |
| 56 | + |
| 57 | +1. "Quiz me on the difference between IAM users, groups, and roles" |
| 58 | +2. "Ask me to explain the principle of least privilege with examples" |
| 59 | +3. "Test my knowledge of when to use service accounts vs user accounts" |
| 60 | +4. "Quiz me on the difference between authentication and authorization" |
| 61 | +5. "Ask me about common IAM security mistakes and how to prevent them" |
| 62 | +6. "Test my understanding of IAM policies and how they work" |
| 63 | +7. "Quiz me on when and why to use multi-factor authentication" |
| 64 | +8. "Ask me about workload identity and why it's better than long-lived keys" |
| 65 | + |
| 66 | +## Additional Resources (Optional) |
| 67 | + |
| 68 | +### Hands-on Practice |
| 69 | +- [AWS IAM Workshop](https://catalog.workshops.aws/general-immersionday/en-US/basic-modules/30-iam) |
| 70 | +- [Azure RBAC Tutorial](https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell) |
| 71 | +- [GCP IAM Tutorial](https://cloud.google.com/iam/docs/quickstart) |
| 72 | + |
| 73 | +### Security Labs |
| 74 | +- [PwnedLabs - AWS IAM Enumeration](https://pwnedlabs.io/labs/intro-to-aws-iam-enumeration) |
| 75 | +- [PwnedLabs - IAM Breaches with CloudTrail](https://pwnedlabs.io/labs/identify-iam-breaches-with-cloudtrail-and-athena) |
| 76 | + |
| 77 | +### Reference Documentation |
| 78 | +- [AWS IAM Best Practices](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) |
| 79 | +- [Azure Security Best Practices](https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns) |
| 80 | +- [GCP Security Best Practices](https://cloud.google.com/security/best-practices) |
| 81 | + |
| 82 | +## Next Steps |
| 83 | + |
| 84 | +Once you feel confident with IAM concepts, move on to Topic 2. You'll implement all of this knowledge when you secure your Journal API in the capstone project. |
0 commit comments