Day 2 of AWS Learning: Diving Deeper into IAM and Mastering AWS CLI SDK

There are mainly three ways to access AWS:

1. AWS Management Console: This is a graphical interface for using AWS services, which is protected by a password and multi-factor authentication (MFA) for security compliance.
2. AWS CLI: This tool is commonly used in the industry to access AWS services through the command line interface. It requires an Access Key and Secret Key for authentication. The Access Key acts like a username, while the Secret Key is akin to a password for the Access Key. Users can manage their own Access Keys, which are created when an IAM user is set up with the necessary policies attached. The Access and Secret Keys can be generated through the AWS Management Console. You can also develop scripts to manage your AWS resources using the AWS CLI.
3. AWS SDK: The AWS Software Development Kit (SDK) consists of language-specific APIs (sets of libraries) that enable you to access and manage AWS services programmatically.

The AWS CLI is built on top of the AWS SDK, particularly using AWS SDK for Python libraries.

IAM Roles for Services:

In AWS, when a service needs to perform an action on your behalf, you assign permissions to AWS services using IAM Roles.

IAM Security Tools:

1. IAM Credentials Report (Account-Level): This report provides a detailed list of all the users in your account, along with the status of their credentials. It shows when each user was last active and when their password was last changed.
2. IAM Access Advisor (User-Level): Through the AWS Management Console, users can view the permissions granted to them and see when those services were last accessed. Based on this information, additional policies can be attached to users as needed.