Effective IAM for AWS
Effective IAM for Amazon Web Services
Effective IAM for Amazon Web Services is for Cloud engineers who design, develop, and review AWS IAM security policies in their daily work.
If you're struggling to deliver effective AWS security policies, this guide will help you understand why it's hard and how both you and your organization can use IAM well.
The AWS IAM documentation tells you what you can do. This guide will show you how to scale IAM best practices to all developers.
Learn how to:
- solve difficult security problems using the best parts of AWS IAM
- simplify AWS IAM into a set of secure infrastructure code building blocks to deliver changes quickly
- verify AWS IAM security policies protect resources as intended
- secure IAM continuously at any scale
Learn more about this book or how to control access to any resource.
Reviews
Senior AWS Architect, Security Specialist
"IAM is HARD. Even AWS fails at it sometimes, in practice or in documentation. One of the best pieces of advice I give to my customers when I'm running AWS Security assessments is to recommend this book as a starting point for least privilege and a better understanding of the IAM landscape on AWS. It contains many examples and schemas that help to get a clear view of how IAM works under the hood, and what you can do to attain best security practices."
Startup Technologist, Creator DevOps for Developers
"I've been working with AWS for over 10 years and I learned more in this 30 minute conversation (video) with Stephen and the Effective IAM book than I have in those past 10 years."
Technologist, Leader, Author
"In his book, Stephen does a wonderful job of explaining his recommended control loops, processes & culture to enable an organization to secure their AWS presence effectively & in a repeatable fashion."
Serverless Expert & AWS Consultant at Winter Wind Software
"Do you deal with IAM regularly but still not properly understand it? If so, I highly recommend you check out Effective IAM for AWS. Since I read it, I have a much clearer mental model on how to best define principals and policies for both security and maintainability."