Cloud IAM: From Zero to Master

Reading Time: < 1 minute

Cloud IAM: From Zero to Master

An ongoing series on identity and access management across AWS, GCP, and Azure — from first principles to privilege escalation defense, federation, and Zero Trust architecture, continuing as new cloud services ship new permissions.

Who it’s for: Infrastructure engineers, security practitioners, and platform teams who need to understand cloud access control deeply enough to design it, audit it, and defend it.

By the end of the core curriculum: debug any AccessDenied, audit any IAM configuration, and understand the attack paths through IAM before an attacker finds them.

Core curriculum complete — 12 episodes — continuing with new episodes as new cloud permissions land.


Episodes

EP Title Level
EP01 What Is Cloud IAM — and Why Every API Call Depends on It Beginner
EP02 Authentication vs Authorization: AWS AccessDenied Explained Beginner
EP03 IAM Roles vs Policies: How Cloud Authorization Actually Works Beginner
EP04 AWS IAM Deep Dive: Users, Groups, Roles, and Policies Explained Intermediate
EP05 GCP IAM Policy Inheritance: How the Resource Hierarchy Controls Access Intermediate
EP06 Azure RBAC Explained: Management Groups, Subscriptions, and Scope Intermediate
EP07 OIDC Workload Identity: Eliminate Cloud Access Keys Entirely Intermediate
EP08 AWS IAM Privilege Escalation: How iam:PassRole Leads to Full Compromise Advanced
EP09 AWS Least Privilege Audit: From Wildcard Permissions to Scoped Policies Advanced
EP10 SAML vs OIDC: Which Federation Protocol Belongs in Your Cloud? Advanced
EP11 Kubernetes RBAC and AWS IAM: The Two-Layer Access Model for EKS Advanced
EP12 Zero Trust Access in the Cloud: How the Evaluation Loop Actually Works Master
EP13 New Cloud Service IAM Permissions: A Checklist Before You Grant Access Ongoing

Start with EP01: What Is Cloud IAM →