AWS Config VS AWS Identity and Access Management

Periodic Audits and Compliance Checks: Use AWS Config and AWS Security Hub for continuous compliance tracking. Run AWS Inspector on periodic security checks of any identified vulnerabilities and always for mitigation. - Source: dev.to / 26 days ago

AWS has a lot of controls built in, but what if you need more? AWS Config allows you to create your own rules. These rules can then inspect your resources and determine if they are compliant. This is useful when you want to enforce certain configuration settings. Giving you an overview of how compliant your workloads are. - Source: dev.to / 3 months ago

AWS Config is a service that provides a detailed inventory of all of the resources in your AWS account, along with their configuration settings. By using AWS Config, you can easily identify any resources that are not configured correctly, such as those that are not compliant with your security policies. Additionally, AWS Config provides change management capabilities, allowing you to see when changes were made to... Source: about 1 year ago

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. With AWS Config, you can review changes to your resources and maintain an inventory of your AWS resources. - Source: dev.to / about 1 year ago

Once you have enforced the rule to set up MFA through your IdP, make sure to set up an AWS Config rule to ensure that your users have followed through and taken the steps to set it up. You can use one of the pre-built AWS Config MFA-based rules and get alerted via email if a user is non-compliant. - Source: dev.to / over 1 year ago

Each group will have an IAM role assigned. The roles will allow read/write and read access to the members of the FullAccess and ReadOnlyAccess groups, respectively. - Source: dev.to / 6 months ago

It's great, but where will IAM get the sub's value from? The ${cognito-identity.amazonaws.com:sub} policy variable refers to it, so there must be something somewhere that contains a sub property. - Source: dev.to / 8 months ago

Say we have an application where we place users in multiple groups based on their permission sets. I'm not talking about IAM but application users, who sign up, log in and use our application. Those users can be administrators, read-only users, or can belong to other permission categories. I already discussed a way we can use Cognito user pool groups in access control to specific endpoints. - Source: dev.to / 8 months ago

The tool is part of IAM. First, we must create an analyzer, which can be account- or organization-based. The account or the organization will become the zone of trust. In this example, the zone of trust will be an account. - Source: dev.to / 9 months ago

I don't want to dive deeply into IAM. As a new Serverless developer, I don't think that's required for you to be effective. A link to the AWS IAM documentation does seem appropriate. Now what I do feel is appropriate for you to know are the following things:. - Source: dev.to / 9 months ago