- Identity Federation:
  - Users authenticate through an external identity provider (e.g., Active Directory) instead of being created as IAM users in AWS.
  - AWS IAM Identity Center manages users centrally, which simplifies administration for organizations with multiple AWS accounts.
  - After authentication, users receive temporary credentials; permissions are managed through groups and permission sets rather than per-user policies.
  - Best Practice: Use IAM Identity Center for managing users instead of IAM users.
- AWS CloudTrail:
  - Records all API calls made on behalf of your AWS account so they can be reviewed.
  - Captures events for AWS services such as SageMaker, including creating training jobs and notebook instances.
  - Helps track user activity: who made the request, from which IP address, at what time, and more.
- Amazon S3 Block Public Access:
  - Blocks public access to your S3 buckets and objects, preventing accidental exposure.
  - Can be set at the bucket level or the account level.
  - Overrides any public permissions granted by bucket policies or ACLs.
- SageMaker Role Manager:
  - Simplifies the creation of IAM roles for machine learning activities.
  - Provides pre-configured role personas (e.g., data scientist, MLOps, SageMaker compute) with predefined permissions for ML tasks.
  - Roles are customizable to fit your needs, with the option to attach additional IAM policies.
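The CloudTrail and S3 Block Public Access notes above fit together in one detection: review the trail for calls that weaken Block Public Access. The following is an added example, not from the notes or from AWS; the event records are constructed to resemble CloudTrail entries (field names such as `PublicAccessBlockConfiguration` are assumed), with placeholder account IDs and IP addresses.

```python
# Detect CloudTrail events that remove or weaken S3 Block Public Access.
# The four settings that together make up Block Public Access:
REQUIRED = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

# Bucket-level and account-level API names (assumed to match CloudTrail's eventName).
PUT_EVENTS = {"PutBucketPublicAccessBlock", "PutAccountPublicAccessBlock"}
DELETE_EVENTS = {"DeleteBucketPublicAccessBlock", "DeleteAccountPublicAccessBlock"}

# Constructed sample records (not real CloudTrail output).
SAMPLE_EVENTS = [
    {   # all four settings kept on: not a finding
        "eventTime": "2024-05-01T09:00:00Z", "eventName": "PutBucketPublicAccessBlock",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/MLOps/bob"},
        "requestParameters": {"bucketName": "ml-model-artifacts",
            "PublicAccessBlockConfiguration": {k: True for k in REQUIRED}},
    },
    {   # one setting switched off: a finding
        "eventTime": "2024-05-01T10:15:00Z", "eventName": "PutBucketPublicAccessBlock",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/DataScientist/alice"},
        "requestParameters": {"bucketName": "ml-training-data",
            "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                               "BlockPublicPolicy": False, "RestrictPublicBuckets": True}},
    },
    {   # unrelated SageMaker call: ignored by this check
        "eventTime": "2024-05-01T11:00:00Z", "eventName": "CreateTrainingJob",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/DataScientist/alice"},
        "requestParameters": {"trainingJobName": "fraud-model-v3"},
    },
]

def weakened_settings(event):
    """Return the Block Public Access settings this event turns off (empty if none)."""
    name = event.get("eventName")
    if name in DELETE_EVENTS:
        return list(REQUIRED)  # deleting the configuration removes every protection
    if name not in PUT_EVENTS:
        return []
    cfg = event.get("requestParameters", {}).get("PublicAccessBlockConfiguration", {})
    return [k for k in REQUIRED if cfg.get(k) is not True]  # missing counts as off

def find_weakening_events(events):
    """Summarize who weakened Block Public Access, where, when and from which IP."""
    findings = []
    for ev in events:
        disabled = weakened_settings(ev)
        if disabled:
            findings.append({"time": ev.get("eventTime"),
                             "actor": ev.get("userIdentity", {}).get("arn"),
                             "source_ip": ev.get("sourceIPAddress"),
                             "target": ev.get("requestParameters", {}).get("bucketName", "<account>"),
                             "disabled": disabled})
    return findings
```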