Don't just learn the cloud—BYTE it!
Byte the Cloud is your go-to, on-the-go, podcast for mastering AWS, Azure, and Google Cloud certifications and exam prep!
Chris 0:00
All right, welcome back, everyone. Today, we're going to be doing a deep dive into AWS IAM identity and access management. Now this deep dive is, well, we've tailored it specifically for those of you out there who are mid level cloud engineers, and maybe you're prepping for some of those AWS exams, or maybe you just want a really solid IAM knowledge refresh, yeah, I
Kelly 0:21
think that's a great idea. You know, I think about I am a lot like a really secure key card system you might see for a building. Oh, that's a good analogy. You know, you can't just waltz into any room you want. You got to have the right credentials and permissions, right? Yeah, and in the cloud, that's where I am. Comes in, makes sense. It's all about making sure that only the right people and services have access to the right resources, which is, let's be real, a pretty big deal when you're talking about security in the cloud. Yeah, no
Chris 0:47
kidding, so let's just get right to it. Then what is IAM like? If you had to break it down to the simplest terms, what would you say it is? Well, you
Kelly 0:54
can think about it like this. IAM is basically a web service from AWS, and it lets you manage all your users and their permissions so you know who has access to what, what they can do with those resources and even when they can access them.
Chris 1:09
So it's not just about giving everyone access to everything, right? It's much
Kelly 1:13
more granular than that. You can get super specific with who can do what, and that's critical for keeping your AWS environment, well, secure,
Chris 1:21
yeah, that makes sense. Can you maybe give us a couple of real world examples, just to kind of bring this home?
Kelly 1:26
Sure? Yeah. So think about this. You have a team of developers, right? They're working on this new web application, and they need to be able to upload their code to an S3 bucket,
Chris 1:37
right for storage and deployment,
Kelly 1:40
exactly. With IAM, you could actually create individual users for each of those developers, and then you'd only give them the exact permissions they need so they can upload those files to that specific bucket, but nothing else, right, right? They wouldn't have access to any other sensitive data, just what they need to do their job. Okay, that's
Chris 1:57
a pretty good example. Yeah. Now what about if we need to, like, restrict access to something that's super sensitive, like, let's say financial data that's in a DynamoDB table. Oh,
Kelly 2:07
yeah, that's a good one. In that case, you might want to create, like, a separate IAM group specifically for your administrators or your security team, the people who absolutely need to have access, Right exactly? And you would attach what's called an IAM policy to that group, and what would that do? So this policy could grant, say, Read Only, access to that DynamoDB table, so they can see the data and they can monitor it, but they can't actually change it. Oh, so
Chris 2:33
it's like a safeguard. They can keep an eye on things, but they can't accidentally or intentionally mess anything up, exactly. So those IAM policies, it sounds like they can get pretty complex. Oh, yeah,
Kelly 2:43
they can. It's actually one of the things that makes IMM so powerful. These policies, they're written in this format called JSON. JSON, yeah, it's a way of structuring data, and it's actually designed to be human readable. Oh, but it also lets you get really, really specific with the actions and the resources that a user or group is allowed to access or denied access to, for that matter. Hmm,
Chris 3:06
that's interesting. Now, you know, one of the things that I remember kind of struggling with when I was first learning about IAM was this concept of, what was it? Implicit deny?
Kelly 3:16
Oh, yeah, implicit deny. It's a fundamental security concept in IAM, but it definitely trips people up sometimes. That sounds simple enough, it is, in theory, basically it just means if a permission isn't explicitly granted, then it's automatically denied. Oh, there's no maybe this is critical for security, because it really ensures that nothing is allowed unless it's specifically permitted.
Chris 3:38
So like, if I have a policy that doesn't specifically say a user can delete objects from an S3 bucket. They can't do it. Nope,
Kelly 3:45
they can't do it, even if there's no policy that explicitly says they can. Okay, I get it like having a really strict bouncer at a club. You know? I love that analogy. If your name isn't on the list, you're not getting
Chris 3:55
in, no matter how nicely you ask exactly. So we've talked about users, we've talked about groups, we've talked about policies. What other major pieces of the puzzle are there in IAM?
Kelly 4:06
Ah, well, there's one more really important piece, and that's IAM. Roles, okay? Roles, yeah, think of them as temporary security credentials. You can assign them to entities that need to access your AWS resources,
Chris 4:20
so applications that are running on EC2 instances, yeah, exactly, or even other AWS services, exactly.
Kelly 4:25
So let's say you have an application, it's running on an EC2 instance, and it needs to read data from a DynamoDB table. Okay, I'm following it now. You don't want to hard code your access keys into the application, right? That's a security nightmare, huge security risk. So instead, you can assign an IAM role to that EC2 instance, and then the application can use that role to access the DynamoDB table securely. No long term credentials needed. Ah, so
Chris 4:52
it's like a temporary pass. Exactly. It's
Kelly 4:54
temporary. It's secure, and it follows what we call the principle of least privilege, which is granting only the. Access that's absolutely necessary and nothing more, right?
Chris 5:03
So we've got users, groups, policies and roles. It sounds like IAM is pretty tightly integrated with all the other stuff in AWS, right? Yeah,
Kelly 5:10
oh yeah, definitely. It's like woven into almost every AWS service. So
Chris 5:14
we're talking S3, buckets, EC, two instances, lambda functions, DynamoDB, tables, all of
Kelly 5:22
that, all of that. It's how you control who can do what across your entire AWS environment.
Chris 5:27
Now, you mentioned that IAM policies can get pretty complex. Oh, yeah, they can. So does AWS have any tools or features that help us manage that complexity? Yeah,
Kelly 5:36
for sure, especially as your cloud environment starts to grow, things can get out of hand pretty quickly, right? I can imagine. So thankfully, AWS gives us a few things to help. First off, there's AWS organizations. This lets you manage multiple AWS accounts all from one central location, okay? And the cool thing is, you can define policies and organizations that apply to all your accounts so you don't have to duplicate your efforts Exactly. Makes it a lot easier to enforce those security standards across the board. That makes a lot of sense. And then you've got AWS CloudTrail. CloudTrail, yeah, this is a service that provides a log of all the API calls that are made in your AWS account, including anything related to IAM. So this is really valuable for auditing, for security analysis. It lets you see who did what, when and from where, ah, so you can track down any suspicious activity exactly like it. And then there's AWS Config. This one lets you assess, audit and evaluate the configurations of your AWS resources, so you can use it to monitor your IAM configurations, identify any potential security vulnerabilities and even make sure you're compliant with your organization's policies. So it's
Chris 6:44
like security watchdog, yeah, pretty much always keeping an eye on things. Keep an eye on things.
Kelly 6:49
I like it. These are just a few of the tools, of course, but as your cloud environment grows, using these tools becomes more and more crucial. Right
Chris 6:57
to maintain security efficiency and compliance, exactly. Okay, so we've got a pretty good foundational understanding now of what I am is why it's so important, how it fits into the broader AWS ecosystem. But, you know, I know a lot of our listeners are probably thinking about how to actually use I am, and, of course, how to ace those AWS exams. Oh, first, so are you ready to put on your exam prep hat and dive into some scenarios. Absolutely.
Kelly 7:22
Let's do it. I think that's a great idea. Okay, so let's pretend we're in that exam room. Clock is ticking and this question pops up on the screen. A developer needs read only access to an S3 bucket, but they need full control over just one specific folder within that bucket. How do you set that up using IAM Okay,
Chris 7:43
so that's a good one. It's really testing whether you know how to grant that really fine grained access control. Yeah, exactly.
Kelly 7:48
And you know, you wouldn't want to just give the developer full access to the entire bucket, right, if they only need to work with that one folder, right?
Chris 7:55
Because then you're violating the principle of least privilege, exactly.
Kelly 7:58
So what you would do is create two separate policies. The first one would grant read only access to the whole bucket. So, you know, things like get object and list bucket, but only for that specific bucket.
Chris 8:10
Okay, so that takes care of the read only part. What about the folder where they need full control
Kelly 8:15
for that? You'd make a second policy, and this one would be just for that specific folder. So this policy would allow all actions, things like put object, delete object, even get bucket policy, but only for the objects and resources that are within that folders path I
Chris 8:31
see. So you're really narrowing it down. By combining those two policies, we can give the developer exactly the access they need, right? No more, no less. Now how would you actually go about attaching those policies to the developer's account?
Kelly 8:43
Well, you have a couple of options. You could attach them directly to the developer's IAM user, but if you've got a lot of users that can get a bit messy, right? Yeah, a better approach would be to create an IAM group specifically for developers who need this kind of access pattern. Oh, yeah. So you attach the policies to the group, and then you just add the developer's user to that group.
Chris 9:05
That's smart. It keeps things a lot more organized, and it probably makes it easier to manage permissions for a whole bunch of developers, right exactly,
Kelly 9:13
and it's much easier to audit and update those permissions later on. So if things change, you just modify the group policies. You don't have to mess with individual user policies. That's
Chris 9:22
a great point. Okay, let's shift gears a little bit and try one about IAM roles. I saw this one in our research. An application running on an EC2 instance needs to access data in a DynamoDB table. What's the most secure way to configure IAM for that?
Kelly 9:37
Ah, yes, this is a perfect example of when you'd use IAM roles, okay? And remind me why we use roles again, because we never want to hard code those credentials directly into the application right, right for security reasons, exactly. So I am roles help us avoid that. So instead
Chris 9:53
of like embedding those access keys right in the Applications code, we use a role to handle the authentication. Exactly,
Kelly 10:00
you would create an IAM role just for this, and you'd attach a policy that gives it the permissions it needs to access the DynamoDB table, things like get item and put item, but only for that specific DynamoDB table.
Chris 10:12
So we're being very specific about what it can access. And then we attach that role to the EC2 instance itself, right?
Kelly 10:19
Yes, that's right. So the application running on the instance can automatically assume that role and use its permissions to access the DynamoDB table, and it never has to even see those access keys. That's really cool. Yeah, so when the application needs to get something from the table, it makes a request to the AWS metadata service, and that service securely provides temporary credentials based on the role that's assigned to the instance. Ah, so it's all happening behind the scenes, exactly. It's all very secure, okay, so the application gets what it needs, but we don't have to worry about those long term credentials just floating around Exactly. IAM roles are a really powerful tool for making sure that access is delegated securely. They sound it. They're used all over the place in AWS, especially when you're working with things like EC2 instances, lambda functions, basically anything that needs to interact with AWS resources. Okay,
Chris 11:10
let's test ourselves on something that I know pops up on the exams a lot. What's the core difference between an IAM user and an IAM role?
Kelly 11:18
This is a really fundamental concept. So it's important to be crystal clear on this one, an IAM user represents a person or an application that needs long term access to AWS resources. It's like a permanent employee ID badge, okay?
Chris 11:33
So it's for those entities that need ongoing access, administrators, developers, even those automated scripts that run regularly. You
Kelly 11:40
got it, but an IAM role that's for temporary access. It doesn't have any permanent credentials attached to it. Instead, it's like a set of permissions that can be assumed by authorized entities when they need them. So it's like a visitor badge. Yeah, you could think of it that way, temporary access to certain areas, exactly. So
Chris 11:57
the key difference is really about the duration of that access, right? Right? Users
Kelly 12:01
have long term credentials. Roles have temporary credentials, and those temporary credentials, they retrieve dynamically when they're needed. Okay,
Chris 12:08
that makes sense. Let's try another scenario that really shows how flexible IAM can be. Let's say we have a marketing team, and they need to manage all the assets in a particular S3 bucket. How would you use IAM to give them the right permissions, but in a way that's secure and follows all those best practices we've been talking about?
Kelly 12:29
Okay, well, this is a great opportunity to use IAM groups instead of creating an individual IAM user for each person on the marketing team and then having to manage their permissions separately, which can be a real pain. Yeah, that sounds like we can streamline everything by using a group. Oh, okay, so we're managing permissions at scale, though, exactly, and it makes sure that everyone on the team has the same level of access, so it's consistent, consistent. So we'd create an IAM group called something like, you know, marketing team makes sense, and then we attach an IAM policy to that group, and this policy would grant them the specific permissions they need for that S3 bucket, so things like, put object, get object, delete object, where they
Chris 13:09
can upload, download, manage all their marketing assets, yeah, but we wouldn't want to give them access to any other S3 buckets, right, right.
Kelly 13:15
The policy would be really specific just for that one designated S3 bucket, keeping
Chris 13:20
things nice and locked down. Locked down. Okay? So then each person on the marketing team, their IAM user, would just be added to that marketing team group,
Kelly 13:29
exactly, and they'd automatically inherit all the permissions that are defined in the group policy. Clean and simple. Clean and simple. And
Chris 13:36
if someone new joins the team, or someone leaves, you
Kelly 13:41
just add or remove their user from the group. No need to fiddle with all those individual user permissions. It
Chris 13:47
started to feel a lot less like a security headache and more like, I don't know, a well organized toolbox. That's the idea. Okay, let's try one that involves AWS lambda functions. This is a little bit more advanced, but it's a pretty common scenario, especially with serverless architectures. Let's say you've got a lambda function that needs to read data from a specific DynamoDB table. How would you configure IAM to allow that access, but securely?
Kelly 14:14
Oh, this is a good one. It really shows how you can use IAM to grant permissions, not just to users, yeah, but to AWS services as well.
Chris 14:22
Okay, so in this case, our lambda function would need an IAM role. Just like an easy two instance would exactly
Kelly 14:28
you create an IAM role specifically for this function, and you attach a policy that gives it read only access to that DynamoDB table. So actions like get item and batch get item, but we wouldn't want to allow any write operations, right?
Chris 14:43
Because we don't want the lambda function accidentally modifying any data exactly,
Kelly 14:47
so we restrict it to just reading. So we're being super careful always, once you've got that role set up and the policy attached, you then associate that role with your lambda function.
Chris 14:57
So when the lambda function runs, you. It automatically assumes that role and gets those permissions defined in the policy
Kelly 15:05
precisely so the function can access the DynamoDB table without you having to manage any access keys or secrets within the functions code. Oh, that's slick. Yeah, it's pretty elegant. It really shows how you can use IAM to build these secure and scalable serverless applications. Okay, I'm
Chris 15:20
feeling pretty good about these basic scenarios. Can we try one that's maybe a little more challenging? What about granting permissions across multiple AWS services?
Kelly 15:30
Ooh, okay, I like it. Let's say you're setting up IAM permissions for a data scientist, they need to be able to access raw data that's in a bunch of different S3 buckets. Then they need to be able to write the process data to a specific S3 bucket, and they also need to be able to start and stop AWS glue jobs for their data processing tasks. How would you handle all of that?
Chris 15:53
Okay, that's a lot of moving parts. Sounds like we might need to use a few different IAM features to come up with a good solution. Yeah,
Kelly 15:59
for sure, this one's going to need a multi pronged approach. So first things first, to keep everything organized, we'd create an IAM group called data scientists, assuming we have a few data scientists who need similar permissions,
Chris 16:11
right? That makes a lot of sense. It'll make things much easier to manage later on.
Kelly 16:15
Exactly now for the permissions themselves, we need to create three separate policies, each one tailored to a specific set of actions. Okay, let's break that down. So for read access to those raw data buckets, we'd create a policy that allows get object and list bucket, but only for those specific raw data buckets, so
Chris 16:35
they can see the data, but they can't modify it, right? What about writing the process data?
Kelly 16:40
For that, we need a second policy. This one would grant write access to that specific bucket where the process data goes, so actions like put object and delete object, but again, only for that specific bucket, so they
Chris 16:53
can write the process data to the right place, but they can't touch the raw data or any other buckets Exactly. And what about those glue jobs?
Kelly 17:02
Okay, for that, we need a third policy. This one would let the data scientists start and stop those glue jobs. So we'd include actions like start job run and stop job run, but we'd restrict it to just the names of those specific glue jobs, ah,
Chris 17:15
so they can manage their own data processing workflows, but they can't mess around with any other glue jobs that might be
Kelly 17:21
running exactly, and we would attach all three of those policies to the data scientist group, so
Chris 17:26
anyone who's a member of that group, they automatically get all those permissions, yep, all
Kelly 17:30
the permissions they need to do their data science work securely and efficiently.
Chris 17:34
That's a really great example. It really shows how you can use IAM to create these really detailed permissions that span multiple services while still following the principle of least privilege. It all
Kelly 17:46
comes down to planning and really understanding how the different parts of IAM fit together.
Chris 17:52
Okay, before we wrap up this whole exam prep section, let's talk about security best practices in general. What are some things we should be thinking about when we're designing these IAM policies to make sure that we're minimizing those security risks.
Kelly 18:05
That's a really important question. Security should always be top of mind when you're working with IAM so here are a few things to remember. First and foremost, stick to that principle of least privilege. Never give more permissions than you absolutely have to, even if it seems like it'll make things easier in the short term, right?
Chris 18:23
Because it's much harder to clean up a mess than it is to prevent it in the first place. Exactly.
Kelly 18:27
You can always add more permissions later if you need to, but it's much harder to undo the damage if something goes wrong. So
Chris 18:35
don't take any shortcuts really. Think critically about what each user or role needs. Definitely
Kelly 18:40
another crucial thing is to use multi factor authentication, MFA, for all your IAM users.
Chris 18:47
MFA, that's like the two factor authentication we use for everything else, right?
Kelly 18:50
Yeah, pretty much. It adds that extra layer of security. So even if someone gets a hold of a password, it's much harder for them to actually compromise an account.
Chris 18:58
So that should be standard for anyone who's accessing AWS, right?
Kelly 19:01
Absolutely no exceptions. And whenever you can use IAM roles instead of hard coding those access keys into your applications, right? We've talked about that. It's much more secure, and you don't have to worry about those long term credentials being exposed. IAM roles are our friends. They're your friends. And one last thing, remember that IAM is always changing. AWS is always adding new features and services. So it's really important to stay up to date with all the security recommendations and best practices.
Chris 19:29
So we got to keep learning. Keep learning. Where would you recommend people go to stay up to date on all the IAM changes and updates? Well,
Kelly 19:35
the AWS what's new blog is a great place to start. That's where they announce all the new services, features, updates for everything in AWS. So it's good idea to check that regularly, regularly. And of course, there's the IAM section of the AWS documentation. It's super detailed, and it's always kept up to date. It's like the IAM Bible, yeah, pretty much. Another good thing to do is follow AWS security experts and. Bot leaders on social media, they often share really valuable insights that you won't find anywhere else.
Chris 20:05
Oh, yeah, I get a lot of good tips from following people on Twitter and LinkedIn Exactly.
Kelly 20:09
And if you really want to dive deep into IAM, check out AWS training and certification offerings. Oh, right, they have those, don't they? Yeah, they have courses and exams that are specifically focused on IAM. So it's a good way to validate your knowledge and boost your career. It's an
Chris 20:25
investment in yourself. It is okay. So we've covered a lot of technical details in this episode, all the IAM features, best practices, exam prep strategies. But you know, there's one thing that I think is really important to talk about that sometimes gets overlooked, and that's the human element of security? Oh, yeah, that's a good point, because not just about the technology, right? Even if you have the best IAM policies in the world, security can still be compromised if people don't understand them or don't follow them exactly.
Kelly 20:53
So how do you create a culture of security awareness in an organization? How do you make sure everyone understands how important these IAM best practices are. That's the million dollar question, isn't it? It is, and I think it takes a multi faceted approach. You need to start by providing regular security awareness training to everyone in the company, not just the tech people. Oh, that's a good point. This training should cover the basics of IAM, why it's important, and how to apply those best practices in their day to day work.
Chris 21:23
And I imagine you have to make it engaging, right? Because people are going to tune out if it's just a boring lecture. Oh, absolutely.
Kelly 21:29
The more relevant and relatable you can make it, the more likely people are to pay attention and remember the information you got. To use real world examples and scenarios to really drive the point home. Okay,
Chris 21:41
so training is important. What else can organizations do? Well, having clear
Kelly 21:45
and well documented security policies is crucial. Don't leave things up to interpretation. Outline your organization's security standards, including specific IAM best practices, and make sure that everyone has easy access to those documents, right? So everyone's on the same page exactly, and communication is key. Create an environment where people feel comfortable reporting security concerns or asking questions about IAM policies. The more open the dialog is, the better you want people to feel empowered to speak up if they notice something suspicious, or if they're not sure about the right way to do something.
Chris 22:19
So it's about breaking down those silos between it and other departments, making security everyone's responsibility
Kelly 22:25
exactly and finally, and I think this is the most important part, leadership needs to set the tone. If management prioritizes security and follows the best practices themselves, it sends a really powerful message to everyone else in the organization, actions
Chris 22:41
speak louder than words.
Kelly 22:43
Couldn't agree more. You
Chris 22:44
know, it strikes me that an organization's approach to IAM often reflects their overall cloud maturity. Like the companies that are further along in their cloud journey, they tend to have more mature I am practices.
Kelly 22:57
Oh yeah, for sure, there's definitely a correlation there. It's a journey.
Chris 23:01
Tell me more about that, like, what are some of the hallmarks of a mature IAM approach, and how do they align with the different stages of cloud adoption? Okay, so
Kelly 23:09
in the early stages of cloud adoption, organizations are usually just focused on getting those workloads migrated to the cloud, often as quickly as possible, right? Security sometimes takes a back seat. Their IAM policies are pretty basic, and there's this tendency to over permission things just to get things working. So it's kind
Chris 23:25
of like learning to drive. You're focused on getting the car moving before you worry about parallel parking Exactly.
Kelly 23:30
But as they gain more experience in the cloud and their deployments get more complex, they start to realize how important security and governance really are. So they start implementing more granular IAM policies. They enforce MFA. They start using roles more effectively. They move from being reactive about security to being more proactive and strategic. So they're
Chris 23:52
building those firewalls you were talking about exactly.
Kelly 23:53
And then at the highest levels of cloud maturity, they treat IAM as this fundamental part of their overall cloud strategy. They have well defined governance processes, they have automated security controls, and they have that strong culture of security awareness built into everything they do. So
Chris 24:11
IAM goes from being something they have to do to something that actually helps them do more. Right?
Kelly 24:16
It's not just about protecting resources anymore. It's about empowering teams to innovate securely in the cloud. That's a really good way to put it. And you know, this journey toward IAM maturity, it takes a commitment to continuous improvement, always learning and adapting as the landscape of cloud security changes. Say, always
Chris 24:34
gonna be on your toes, always. Well, it's clear that IAM is much more than just a bunch of technical features. It's a foundational element of secure and well governed cloud operations, and it really tells you a lot about an organization's overall cloud maturity. What are some final thoughts you have for our listeners as they continue on their own IAM journeys?
Kelly 24:55
Well, I think the biggest thing is to remember that IAM isn't something you just set and forget. It really is. An ongoing process, you know, you have to keep refining it. As your needs change, as your cloud environment evolves. It's a living thing. It is. It's like, you know, like a garden. You have to tend to it. You have to prune back those permissions and make sure everything is healthy and secure. And as your cloud footprint grows, the complexity of your IAM setup is going to grow too Right?
Chris 25:18
So you really need to have those automation tools and processes in place so you can manage it all at scale, but without compromising on security
Kelly 25:27
Exactly. It's a balancing act. You want to streamline things, but not at the expense of security. And remember, there's no magic bullet. There's no one size fits all solution for IAM, you have to start with those best practices, and then you adapt and refine based on your specific needs, your risk tolerance. Don't be afraid to experiment, but always keep security top of mind, and always stick to that principle of least privilege. It's like
Chris 25:53
finding the right recipe. Yeah, exactly. Might start with something basic, but then you tweak it, make it your own,
Kelly 25:59
exactly. And the more you work with IAM, the more you experiment, the better you'll get at it. So
Chris 26:05
what's your number one piece of advice for our listeners who are just starting out with IAM,
Kelly 26:10
I would say, embrace the learning process. IAM can feel a little overwhelming at first, but it's so rewarding to master. So start with the basics. Play around in a safe environment, like a sandbox, and don't be afraid to ask questions. The AWS community is super helpful. There are so many resources out there to help you. Yeah, the
Chris 26:27
community is amazing. It's one of the best parts of working in this field. Well, I think that about wraps up our deep dive into AWS IAM for today. It's been a good one. We've covered a lot from those basic concepts to exam tips, real world scenarios, even the human side of security. Hopefully
Kelly 26:43
everyone's got a better grasp on IAM now and they feel ready to take control of their cloud security.
Chris 26:50
I hope so too. And you know, whether you're a developer, an administrator, a security professional, a good understanding of IAM is just essential. And for anyone studying for those AWS certifications, make sure you really understand I am it comes up all the time on those exams, for
Kelly 27:05
sure. And for anyone who wants to go even deeper, there's tons of great information online. The official AWS documentation is a great resource, and there are tons of blog posts and tutorials from experts. And
Chris 27:16
remember, you're not alone. The AWS community is huge, and everyone's so supportive. So don't be afraid to reach out and connect with other people who are learning too. That's it for this episode. Everyone. Thanks for joining us on this deep dive into the world of AWS I am. Keep learning, keep exploring, and keep your cloud secure.