Volume 3: IAM4/5
  1. 01Lessons 1-10
  2. 02Lessons 11-20
  3. 03Lessons 21-30
  4. 04Lessons 31-40
  5. 05Lessons 41-45

Chapter 04 of 05

Lessons 31-40

10 lessons20 min readingParts 111-120
  1. 01Inspect an IAM role and its trust policyRead role metadata and the assume-role policy document from the CLI.2 min read
  2. 02Update an IAM role trust policyReplace a role trust policy with a narrower named-user principal.2 min read
  3. 03Attach a managed policy to an IAM roleGrant a role read-only S3 account listing permission through a customer managed policy.2 min read
  4. 04List every policy on an IAM roleAudit both managed policy attachments and inline policy names for a role.2 min read
  5. 05Assume an IAM role with STSRequest temporary credentials for an IAM role and inspect the assumed-role identity.2 min read
  6. 06Use STS temporary credentials in shell variablesLoad assumed-role credentials into environment variables, prove identity, and unset them.2 min read
  7. 07Configure an automatic assume-role CLI profileCreate a named AWS CLI profile that assumes a role and refreshes temporary credentials automatically.2 min read
  8. 08Name and limit an STS role sessionSet role session name, source identity, and duration for traceable temporary access.2 min read
  9. 09Create an IAM user access key carefullyCreate one long-term IAM user access key and handle the secret as a one-time output.2 min read
  10. 10List IAM access key metadataInventory an IAM user's access key IDs, status values, and creation dates without exposing secrets.2 min read