Life Sciences

Navigating GDPR Compliance on AWS

Issue link: https://read.uberflip.com/i/1191854


Amazon Web Services

Data Access Controls

Article 25 of the GDPR states that the controller "shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed". The following AWS access control mechanisms can help customers comply with this requirement by allowing only authorized administrators, users, and applications to get access to AWS resources and customer data.

AWS Identity and Access Management

When you create an AWS account, a root user account is automatically created for it. This user account has complete access to all the AWS services and resources in your AWS account. Instead of using this account for everyday tasks, you should use it only to initially create additional roles and user accounts, and for administrative activities that require it. AWS recommends that you apply the principle of least privilege from the start: define different user accounts and roles for different tasks, and specify the minimum set of permissions required to complete each task. This approach is a mechanism for tuning a key concept introduced in GDPR: data protection by design.

AWS Identity and Access Management (IAM) is a web service that you can use to securely control access to your AWS resources. Users and roles define IAM identities with specific permissions. With IAM roles, you can allow any user who needs to perform specific tasks to assume the role and use temporary credentials for the role session. You can use IAM roles to securely give applications that run in Amazon EC2 the credentials required to get access to other AWS resources, such as Amazon S3 buckets, and Amazon RDS or DynamoDB databases.
