Authentication is a basic computer security concept: a user
or system must first prove their identity. Consider how you authenticate
yourself when you go to the airport and you want to get through airport
security so that you can catch your flight. In this situation, you must present
some form of identification to the security official to prove who you are
before you can enter a restricted area. A similar concept applies to gaining
access to AWS resources in the cloud.
You can assign two different types of access to users:
- Programmatic access
- AWS Management Console access
If you grant programmatic access, the IAM user will be required to present an
access key ID and a secret access key when they make an AWS API call by using
the AWS CLI, the AWS SDK, or some other development tool.
If you grant AWS Management Console access, the IAM user will be required to fill
in the fields that appear in the browser login window. The user is prompted to
provide either the 12-digit account ID or the corresponding account alias. The
user must also enter their IAM user name and password. If multi-factor
authentication (MFA) is enabled for the user, they will also be prompted for an
authentication code.
AWS services and resources can be accessed by using the AWS Management Console, the
AWS CLI, or through SDKs and APIs. For increased security, we recommend
enabling MFA. With MFA, users and systems must provide an MFA token—in addition
to the regular sign-in credentials—before they can access AWS services and
resources. Options for generating the MFA authentication token include virtual
MFA-compliant applications (such as Google Authenticator or Authy 2-Factor
Authentication), U2F security key devices, and hardware MFA devices.
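
To check which IAM users hold each access type and which console users still lack MFA, the following added example (not part of the original post) parses an IAM credential report. The sample rows and user names are constructed, and only the report columns the check reads are included.

```python
import csv
import io

# Constructed sample in the column layout of an IAM credential report.
# A real report carries more columns; this check reads only these five.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,not_supported,true,false,false
alice,true,true,false,false
bob,true,false,true,false
ci-deploy,false,false,true,true
dave,false,false,false,false
"""


def classify_access(report_csv):
    """Return {user: {...}} describing the access types each IAM user has."""
    results = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # the root row is not an IAM user; skipped in this check
        # Console access means a sign-in password is set for the user.
        console = row["password_enabled"] == "true"
        # Programmatic access means at least one active access key pair.
        programmatic = any(
            row[f"access_key_{n}_active"] == "true" for n in (1, 2)
        )
        mfa = row["mfa_active"] == "true"
        results[row["user"]] = {
            "console": console,
            "programmatic": programmatic,
            "mfa": mfa,
            "console_without_mfa": console and not mfa,
        }
    return results


def console_users_without_mfa(report_csv):
    """Users who can sign in to the console with a password alone."""
    access = classify_access(report_csv)
    return sorted(u for u, a in access.items() if a["console_without_mfa"])


if __name__ == "__main__":
    for user, access in classify_access(SAMPLE_REPORT).items():
        print(user, access)
    print("Console access without MFA:", console_users_without_mfa(SAMPLE_REPORT))
```

A real report can be produced with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV.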