Identity Access Management (IAM)

IAM

IAM allows you to manage users and their level to access AWS resources.

IAM features

• Centralized control of your AWS account.
• Granular permissions.
• Shared access to your AWS account.
• Identity Federation.
• Multifactor Authentification.
• Provide temporary access when necessary.
• Allow setup password policy.
• Support PCI DDS (Payment Card Industry Data Security Standard).

IAM keys

Users

End-user such as people, employees of an organization.

Group

A collection of users, each user in the group will inherit the permissions of the group.

Policies

Policies are made up of documents, called Policy documents. These documents are in JSON format and they give permissions as to what a User/Group/Role is able to do.

Roles

You create roles and then assign them to AWS Resources.

Example Tips

• IAM is universal.
• Account creation first is called ‘root account’.
• The new user has no permission.
• Alway set up MFA on your root account.
• New Users are assigned Access Key ID & Secret Access Keys when first created.