IAM Policy Simulator

IAM Profile Control

IAM Control Simulator

IAM Access Simulator

Statment ID (Sid)

ID

Action

Condition

User name and password

Access Key

Access Key/Session Token

Service Account

To able to stop unauthorized access to the physical data center

Make sure the servers have been kept up to date

Setting up networking firewall rules

Encryption of sensitive data at rest

Management of user credentials via IAM

Create an IAM permission policy and attach it to each IAM user. Set the APIs method authorization type to AWS_IAM. Use Signature Version 4 to sign the API requests.

Create an Amazon Cognito user pool and add each IAM user to the pool. Set the method authorization type for the APIs to COGNITO_USER_POOLS. Authenticate using the IAM credentials in Amazon Cognito and add the ID token to the request headers.

Create an Amazon Cognito identity pool and add each IAM user to the pool. Set the method authorization type for the APIs to COGNITO_USER_POOLS. Authenticate using the IAM credentials in Amazon Cognito and add the access token to the request headers

Create a resource policy for the APIs that allows access for each IAM user only.

Create an Amazon Cognito authorizer for the APIs that allows access for each IAM user only. Set the method authorization type for the APIs to COGNITO_USER_POOLS.

Encrypt the EBS volumes of the underlying EC2 Instances.

Use AWS KMS Customer Default master key.

Use SSL/TLS for encrypting the data.

Use S3 Encryption.

Create an SSL Certificate and attach it to the EBS Volume.

Use KMS to generate encryption keys which can be used to encrypt the volume.

Use CloudFront in front of the EBS Volume to encrypt all requests.

Use EBS Snapshots to encrypt the requests.