1. Identity and Access Management (IAM)

What is IAM?

IAM is a globally resilient web service that helps you securely control access to AWS resources.

  • IAM is where you manage your AWS users and their access to AWS accounts and services.

  • IAM is commonly used to manage:

    • Users

    • Groups

    • IAM Access Policies

    • Roles

  • Note: The user created when you created the AWS account is called the "root" user.

  • By default, the root user has full administrative rights and access to every part of the account.

  • By default, any new users you create in the AWS account are created with no access to any AWS services.

  • For all users (besides the root user), permissions must be given that grant access to AWS services.

IAM Groups

An IAM group is a collection of IAM users. Groups allow you to set and manage permissions for multiple users at the same time.

  • Groups are a more convenient and efficient way to manage account permissions.

  • A user can belong to up to 10 groups, so one user can be part of several groups.

IAM Roles

A role that a service assumes to perform actions on your behalf is called a service role. For example, a service role for EC2 allows EC2 instances to call AWS services on your behalf: you can allow an EC2 instance to store all the log files in an S3 bucket.
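The EC2-to-S3 logging role described above, as an added example that is not part of the original notes: it builds the two policy documents such a role needs (who may assume it, and what it may do) and runs a small least-privilege check over them. The bucket name, prefix and the `lint` helper are assumptions made for illustration.

```python
import json

# Assumed names for illustration; not from the original notes.
LOG_BUCKET = "example-log-bucket"
LOG_PREFIX = "ec2-logs/"

def trust_policy():
    """Trust policy: only the EC2 service may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }]}

def permissions_policy(bucket=LOG_BUCKET, prefix=LOG_PREFIX):
    """Permissions policy: write objects under one prefix of one bucket."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Hypothetical check: flag Allow statements broader than the task needs."""
    findings = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
        for res in _as_list(st.get("Resource", [])):
            if res == "*" or res.endswith(":::*"):
                findings.append(f"statement {i}: resource {res!r} is not scoped")
        p = st.get("Principal", {})
        aws = _as_list(p.get("AWS", [])) if isinstance(p, dict) else []
        if p == "*" or "*" in aws:
            findings.append(f"statement {i}: any principal may assume the role")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(permissions_policy(), indent=2))
    print(lint(permissions_policy()))
```

The role itself starts with no permissions, like a new user, so the instance can only do what the permissions policy explicitly allows.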