This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 4.4 of Data Protection for Cloud Infrastructure
The IAM subject/action/resource/condition model, RBAC vs ABAC vs JIT, and the mistakes found in every cloud audit.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
AWS IAM Best Practices
Official AWS IAM best practices covering least privilege, MFA, and access key management.
AWS IAM Best Practices
Official AWS IAM best practices covering least privilege, MFA, and access key management.
AWS IAM Access Analyzer
Documentation for IAM Access Analyzer to identify unused permissions and external access.
AWS IAM Access Analyzer
Documentation for IAM Access Analyzer to identify unused permissions and external access.
NIST SP 800-162: ABAC Guide
NIST guide to Attribute Based Access Control including definition, benefits, and implementation.
NIST SP 800-162: ABAC Guide
NIST guide to Attribute Based Access Control including definition, benefits, and implementation.
AWS Organizations Service Control Policies
AWS documentation for SCPs as organisation-wide permission guardrails that cannot be overridden.
AWS Organizations Service Control Policies
AWS documentation for SCPs as organisation-wide permission guardrails that cannot be overridden.
Quadrant 4 · Self-Assessment
Data Protection in the Cloud
Envelope encryption, AES modes, post-quantum cryptography, tokenisation, PKI, key management models, and IAM.
Cloud Security: Complete Assessment
Comprehensive 120-question assessment covering all six chapters of the Cloud Security eBook 2026.