• The first account created when signing up for AWS is the root account. It is highly recommended not to use this account; instead, an admin account with administrator permissions should be created.

  • IAM is global; it is not region specific.

  • An account can be provisioned with an access key and secret that enable programmatic access to AWS.

  • It is recommended to enable multi-factor authentication (MFA) for all users who access the Console.

  • Policies define how a resource can be accessed by other resources in AWS (e.g. EC2) or by users.

    A policy is usually defined as a JSON object.

  • Roles can be created with multiple policies giving access to various resources in AWS. A role is attached to a resource that is given access to other resources in AWS.

  • A user can be attached to groups. Any modification to a policy in the group is applied to all users in the group.

  • All permissions in AWS are implicitly denied until they are granted explicitly.

  • Least-privilege security is the best practice to follow when provisioning access in AWS. In other words, always give a user the least permission that is enough for their assigned role.