IAM Best Practices Course

This course moves from a foundational understanding of IAM into best practices for applying the principles learned.

1 hour, 34 minutes

Course description

Building on the IAM basics from the previous course, this course discusses applying IAM best practices. We'll look at how to create and manage user accounts, determine effective password policies, use credential rotation and follow the principle of least privilege. Then we'll discuss additional policies, applications and tools specific to AWS IAM management.


Additional security services

Video - 00:07:00

This episode explains the basics of Cognito, GuardDuty, and Macie as they relate to authentication and security monitoring. It also explores the threat vectors of which you should be aware.

Key security services

Video - 00:05:00

The selection and use of security services is essential and this episode explores services such as AWS Shield, WAF, SSO, and Secrets Manager and how they apply to your deployments.

Service control policies

Video - 00:06:00

When you want to implement global constraints for accounts in your AWS organization, service control policies are the ticket. We will explore them in this episode.

AWS Control Tower

Video - 00:11:00

This episode will explore the features and benefits of using AWS Control Tower to manage multiple AWS accounts.

Video - 00:12:00

When you have IAM users, groups, roles, and policies defined, it's time to think about how you will track or log everything that's going on in AWS. In this episode you will learn about AWS CloudTrail and how it can help you monitor, and even be alerted to, the security events in your account.

Policy conditions

Video - 00:08:00

Policy conditions impact when and how a policy is applied in AWS. In this episode you will see how to create an IAM policy and define policy conditions.

Amazon STS

Video - 00:06:00

The Amazon Security Token Service (STS) allows for secure communications and access between AWS services, such as between an EC2 instance and S3. You will learn about this service in this episode.

IAM roles

Video - 00:08:00

When you want an application or the CLI to access AWS and its services, you can use IAM roles. This episode explores the process used to create and manage roles in AWS.

Principle of least privilege

Video - 00:05:00

One of the biggest and most common mistakes made in security management is granting too many permissions to a user. The principle of least privilege can assist in preventing this and it is covered in this episode.

Credential rotation

Video - 00:06:00

An additional factor is credential rotation. You will learn about this process and how to configure password rotation policies in this episode.

Password policies

Video - 00:09:00

With your user accounts, you will want to have strong passwords. AWS can help you with this through the implementation of password policies and you will learn how to use them in this episode.

User accounts

Video - 00:11:00

As we move forward with a foundational understanding of IAM from chapter 7, we will begin exploring practical application in this chapter. Here in episode one, we will discuss best practices and tasks involved in user account creation and management.

Meet the author

Mike Meyers

Mike Meyers, affectionately called the "Alpha Geek," is the industry's leading authority on CompTIA certifications. He is the president and co-founder of Total Seminars, LLC, a provider of PC and network repair seminars, books, videos and courseware for thousands of organizations throughout the world. Mike has been involved in the computer and network repair industry since 1987 as a technician, instructor, author, consultant and speaker. He has sold over a million IT and certification books, including the best-selling CompTIA A+ Certification All-in-One Exam Guide and CompTIA Network+ Certification All-in-One Exam Guide. He has personally taught thousands of students, including U.S. senators, U.S. Supreme Court Justices, members of the United Nations, every branch of the U.S. Armed Forces, many branches of the Department of Justice, hundreds of corporate clients and academic students at every level.
