https://tofl.github.io/docs/1-cloud-iam-encryption-foundations/Recent content in Cloud, IAM & Encryption Foundations on 🏠Hugoen-ushttps://tofl.github.io/docs/1-cloud-iam-encryption-foundations/iam-identity-access-management/Mon, 01 Jan 0001 00:00:00 +0000https://tofl.github.io/docs/1-cloud-iam-encryption-foundations/iam-identity-access-management/<h2 id="iam-identity--access-management">IAM (Identity &amp; Access Management)<a class="anchor" href="#iam-identity--access-management">#</a></h2> <p>AWS Identity and Access Management (IAM) is the service that controls <strong>who</strong> can do <strong>what</strong> in your AWS account. Every API call made to AWS — whether from the console, CLI, or SDK — is authenticated and authorized through IAM. Without it, there would be no way to distinguish between a developer who should read S3 buckets and an automated process that should write to DynamoDB. IAM is free and global (not region-scoped), and understanding it deeply is a prerequisite for everything else in AWS. <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html">🔗</a></p>https://tofl.github.io/docs/1-cloud-iam-encryption-foundations/kms-foundations/Mon, 01 Jan 0001 00:00:00 +0000https://tofl.github.io/docs/1-cloud-iam-encryption-foundations/kms-foundations/<h2 id="kms-key-management-service--foundations">KMS (Key Management Service) — Foundations<a class="anchor" href="#kms-key-management-service--foundations">#</a></h2> <p>AWS Key Management Service (KMS) is a managed service that lets you create and control the cryptographic keys used to protect your data. The core problem it solves is straightforward: encrypting data is necessary, but managing encryption keys securely is hard. KMS offloads that complexity — key storage, access control, rotation, and audit logging — to AWS, so you never handle raw key material directly in your application code.</p>