Managing AWS Accounts with IAM and Organizations

The security of an application or platform is generally understood as providing authentication, authorization, integrity, and confidentiality. Availability and accounting are two other aspects of security that are often overlooked. The Confidentiality, Integrity, and Availability (CIA) model and the Authentication, Authorization, and Accounting (AAA) model are two popular models related to cloud security. The CIA model is generally referred to as the CIA triad. Apart from these, we should also consider non-repudiation when securing our application or platform.

In this chapter, we will learn about the AWS Identity and Access Management (IAM) service, the primary service in AWS for managing users, groups, roles, and permissions. We will learn how to write security policies. We will also discuss using the AWS Organizations service to create multiple accounts from within a single master account. We can use the AWS Organizations service to switch between the associated accounts without logging out of AWS, which makes it easier to work with multiple accounts. We will also discuss core security concepts related to the cloud.

This chapter will cover the following recipes:

  • Configuring IAM for a new account
  • Creating IAM policies
  • Creating a master account for AWS Organizations
  • Creating a new account under an AWS Organization
  • Switching roles with AWS Organizations