Basic Information
Identifying Resources
Amazon Resource Name (ARN): the globally unique identifier of an AWS resource
arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id
examples:
arn:aws:ec2:us-east-1:427648302155:instance/i-04cc1c2c7ec1af1b5
arn:aws-us-gov:s3:::hl-it-admin (no region or account-id: S3 bucket names are globally unique; the partition is aws-us-gov because this is GovCloud)
arn:aws:iam::346814769439:user/contractor (no region because IAM is a global service)
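Splitting an ARN naively on ":" breaks on the empty region/account fields and on resource IDs that themselves contain colons (for example CloudWatch log groups). The parser below is an added example, not code from the original page; it handles the three resource forms above, keeps empty fields empty, and exposes the account ID so a policy reviewer can check whether a principal or resource lives in an unexpected account. The dataclass and function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# AWS account IDs are 12 decimal digits; the field may legitimately be empty
# (S3 buckets, some global resources).
_ACCOUNT_RE = re.compile(r"^(\d{12})?$")


@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str                   # "" for global services such as IAM
    account_id: str               # "" when the resource name is globally unique (S3 bucket)
    resource: str                 # everything after the fifth colon, unmodified
    resource_type: Optional[str]  # "instance", "user", ... or None for a bare resource-id
    resource_id: str


def parse_arn(arn: str) -> Arn:
    """Parse an ARN of the form arn:partition:service:region:account-id:resource."""
    # maxsplit=5 keeps colons inside the resource part (e.g. log-group:/aws/lambda/x:*)
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account_id, resource = parts
    if not partition or not service or not resource:
        raise ValueError(f"partition, service and resource are mandatory: {arn!r}")
    if not _ACCOUNT_RE.match(account_id):
        raise ValueError(f"account-id must be 12 digits or empty: {arn!r}")

    # The resource may be "type/id", "type:id" or a bare "id". Use whichever
    # separator appears first so "log-group:/aws/lambda/x" is split on ":".
    seps = [i for i in (resource.find("/"), resource.find(":")) if i >= 0]
    if seps:
        cut = min(seps)
        resource_type, resource_id = resource[:cut], resource[cut + 1:]
    else:
        resource_type, resource_id = None, resource
    return Arn(partition, service, region, account_id, resource, resource_type, resource_id)


def is_arn(value: str) -> bool:
    """True if value parses as an ARN, False otherwise (never raises)."""
    try:
        parse_arn(value)
        return True
    except ValueError:
        return False


def foreign_account(arn: str, own_account: str) -> bool:
    """True if the ARN carries an account-id that is not own_account.

    Empty account-id fields (S3 buckets) return False: ownership cannot be
    decided from the ARN alone and must be looked up separately.
    """
    acct = parse_arn(arn).account_id
    return bool(acct) and acct != own_account


if __name__ == "__main__":
    for sample in (
        "arn:aws:ec2:us-east-1:427648302155:instance/i-04cc1c2c7ec1af1b5",
        "arn:aws-us-gov:s3:::hl-it-admin",
        "arn:aws:iam::346814769439:user/contractor",
    ):
        print(parse_arn(sample))
```

Note that for S3 object ARNs (`arn:aws:s3:::bucket/key`) the "type" slot is really the bucket name; callers that care about S3 should special-case `service == "s3"` rather than trusting `resource_type`.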
AWS IAM Identities
| Identity | Description |
|---|---|
| IAM Users | Identities assigned to individuals or applications; carry long-term credentials (password, access keys) for accessing resources |
| IAM Roles | Identities with no long-term credentials; assumed via STS to obtain short-lived credentials that grant a specific set of permissions |
| Federated Users | External identities (e.g. AD or Okta via SAML/OIDC) that exchange an identity-provider assertion for temporary credentials by assuming an IAM role |
| Service-Linked Roles | Roles created automatically and linked to a specific AWS service so that service can perform actions on your behalf |
AWS Key Format
- AKIA - Long-Term Credentials for an IAM User or the Root User (access key ID + secret access key)
- ASIA - Short-Lived Credentials Created by AWS STS (Security Token Service); only valid together with the matching session token
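When triaging a credentials file found on a host or in a repository, the prefix tells you what you are holding: an AKIA key is a long-lived secret that needs rotating, an ASIA key is only usable with its session token and expires on its own. The audit below is an added example, not code from the original page; it assumes the standard 20-character access key ID format (4-character prefix plus 16 uppercase alphanumerics), reads the usual ~/.aws/credentials INI layout, and runs over a constructed sample that uses the documented placeholder key IDs. Function names and the sample profiles are this example's own.

```python
import configparser
import re
from typing import Dict, List, Optional

# Access key IDs are 20 characters: the prefix plus 16 uppercase alphanumerics.
_KEY_ID_RE = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")

# Constructed sample credentials file; the key IDs are the AWS placeholder
# values, the secrets and token are fake.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[assumed-role]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = IQoJb3JpZ2luX2VjCONSTRUCTEDTOKEN

[broken]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[garbage]
aws_access_key_id = not-a-key
aws_secret_access_key = x
"""


def classify_key_id(key_id: str) -> Optional[str]:
    """Return "long-term" for AKIA, "temporary" for ASIA, None if unrecognised."""
    m = _KEY_ID_RE.match(key_id.strip())
    if not m:
        return None
    return "long-term" if m.group(1) == "AKIA" else "temporary"


def audit_profiles(ini_text: str) -> Dict[str, Dict[str, object]]:
    """Classify every profile's access key and list what a responder should act on."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    report: Dict[str, Dict[str, object]] = {}
    for profile in cp.sections():
        section = cp[profile]
        kind = classify_key_id(section.get("aws_access_key_id", ""))
        issues: List[str] = []
        if kind is None:
            issues.append("unrecognised access key ID format")
        elif kind == "temporary" and not section.get("aws_session_token"):
            # An ASIA key without its token cannot sign a valid request.
            issues.append("ASIA key without aws_session_token: credentials are unusable")
        elif kind == "long-term":
            issues.append("long-term AKIA key on disk: rotate it or replace with role-based access")
        report[profile] = {"kind": kind, "issues": issues}
    return report


if __name__ == "__main__":
    for name, result in audit_profiles(SAMPLE_CREDENTIALS).items():
        print(f"{name:14} {result['kind']!s:10} {'; '.join(result['issues']) or 'ok'}")
```

The "ok" outcome is a temporary key with its token present; even then the key is worth checking against CloudTrail, since a stolen ASIA key is fully usable until it expires.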
AWS API (service) endpoints
- iam.amazonaws.com
- iam.us-gov.amazonaws.com
- ec2.us-east-2.amazonaws.com
- s3.us-west-2.amazonaws.com
- cloudformation.eu-west-3.amazonaws.com
- organizations.us-east-1.amazonaws.com