Chapter 04 of 05
Lessons 31-40
10 lessons20 min readingParts 111-120
- 01Inspect an IAM role and its trust policyRead role metadata and the assume-role policy document from the CLI.2 min read2 min read
- 02Update an IAM role trust policyReplace a role trust policy with a narrower named-user principal.2 min read2 min read
- 03Attach a managed policy to an IAM roleGrant a role read-only S3 account listing permission through a customer managed policy.2 min read2 min read
- 04List every policy on an IAM roleAudit both managed policy attachments and inline policy names for a role.2 min read2 min read
- 05Assume an IAM role with STSRequest temporary credentials for an IAM role and inspect the assumed-role identity.2 min read2 min read
- 06Use STS temporary credentials in shell variablesLoad assumed-role credentials into environment variables, prove identity, and unset them.2 min read2 min read
- 07Configure an automatic assume-role CLI profileCreate a named AWS CLI profile that assumes a role and refreshes temporary credentials automatically.2 min read2 min read
- 08Name and limit an STS role sessionSet role session name, source identity, and duration for traceable temporary access.2 min read2 min read
- 09Create an IAM user access key carefullyCreate one long-term IAM user access key and handle the secret as a one-time output.2 min read2 min read
- 10List IAM access key metadataInventory an IAM user's access key IDs, status values, and creation dates without exposing secrets.2 min read2 min read