Add Cloudonaut IAM reference (#447)

* Add Cloudonaut IAM reference

* Tweak language.
Ryan Brown 3 years ago
1 changed files with 1 additions and 0 deletions

@@ -591,6 +591,7 @@ We cover security basics first, since configuring user accounts is something you
- 🔹**Use IAM roles for EC2:** Rather than assign IAM users to applications like services and then sharing the sensitive credentials, [define and assign roles to EC2 instances]( and have applications retrieve credentials from the [instance metadata](
- Assign IAM roles by realm — for example, to development, staging, and production. If you’re setting up a role, it should be tied to a specific realm so you have clean separation. This prevents, for example, a development instance from connecting to a production database.
- **Best practices:** AWS’ [list of best practices]( is worth reading in full up front.
- **IAM Reference:** [This interactive reference for all IAM actions, effects, and resources]( is great to have open while writing new or trying to understand existing IAM policies.
- **Multiple accounts:** Decide on whether you want to use multiple AWS accounts and [research]( how to organize access across them. Factors to consider:
- Number of users
- Importance of isolation
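
Review bot: the added **IAM Reference:** bullet does not name its source. The commit title says this is the Cloudonaut reference, but the link text reads only "This interactive reference for all IAM actions, effects, and resources", so a reader cannot tell from the entry that it points to a third-party site rather than to AWS documentation like the "Best practices" link directly above it. Suggest putting the name in the link text, for example "Cloudonaut's interactive reference for all IAM actions, effects, and resources". The tail of the sentence would also read more easily as "while writing new IAM policies or trying to understand existing ones".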