Integrity

Confidentiality

Authenticity

Availability

Malicious Service Agent

Trusted Attacker

Malicious Insider

Anonymous Attacker

Denial of Service

Traffic Eavesdropping

Insufficient Authorization

Virtualization Attack

To reduce the risk of DoS attacks

To manage user identities and access privileges

To preserve the confidentiality and integrity of data

To provide evidence of data authenticity and integrity

IAM user

IAM role

IAM group

IAM policy

To manage access to AWS resources

To grant the same permissions to multiple users

To provide temporary security credentials

To define fine-grained access rights

Full access policy

Read-only policy

Resource-based policy

Identity-based policy