AWS ‐ IAM (Identity & Access Management)
FullstackCodingGuy edited this page Nov 30, 2024 · 11 revisions
- Secure access control to authenticate and authorize users with our accounts
- Log in as the root user to create account credentials and to create another AWS account
- Never use the root account to launch any AWS resources, because the root user is a powerful user
- Verifying the identity of the user
- Specify Access control policies
- To control access to resources and services
The following users can be given permissions to access AWS resources:
- AWS Root Users - have unlimited privileges and total access; log in using email and password
- IAM Users - native to AWS; created, stored and managed within AWS
  - Use an access key and password to access resources
  - A newly created user has no permissions by default; it has to be configured accordingly
  - A user can have one AWS account and can access across regions
- Service Accounts - used to perform actions on aws resources on behalf of other users/services
- Federated Users - users authenticated via external providers (Active Directory, Facebook, Google); these users are not stored in the AWS database and are managed by the external providers
- IAM User Groups - collection of IAM users, governed by policies
- IAM Roles - an IAM role is an identity that grants permissions to users; its permissions determine what actions users can perform on AWS resources
- IAM Temporary credentials - short-lived, limited-privilege credentials that live for a limited time and expire automatically afterwards
- Logging with AWS CloudTrail
  - Record of actions - captures actions performed on the console or API calls for IAM
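
To tie the root-user rule to the CloudTrail record of actions, here is an added example (not part of the original page) that scans CloudTrail-style records for direct root-user activity and lists who called the IAM API. The records, account ID and names are constructed; the root check (identity type `Root`, no `invokedBy`, not an `AwsServiceEvent`) is the commonly used root-usage filter.

```python
import json

# Constructed sample records (not real logs). Field names follow the
# CloudTrail record format: userIdentity, eventSource, eventName, eventType.
SAMPLE = json.loads("""{"Records": [
 {"eventTime": "2024-11-30T10:00:00Z", "eventType": "AwsConsoleSignIn",
  "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
 {"eventTime": "2024-11-30T10:05:00Z", "eventType": "AwsApiCall",
  "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
 {"eventTime": "2024-11-30T10:06:00Z", "eventType": "AwsServiceEvent",
  "eventSource": "kms.amazonaws.com", "eventName": "RotateKey",
  "userIdentity": {"type": "Root", "invokedBy": "AWS Internal"}},
 {"eventTime": "2024-11-30T10:07:00Z", "eventType": "AwsApiCall",
  "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
  "userIdentity": {"type": "IAMUser",
                   "arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventTime": "2024-11-30T10:09:00Z", "eventType": "AwsApiCall",
  "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111122223333:assumed-role/app-role/s1"}}
]}""")

def is_root_activity(rec):
    """True when a person used the root user (not an AWS-internal event)."""
    ident = rec.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and rec.get("eventType") != "AwsServiceEvent")

def root_findings(records):
    """(time, service, action) for every direct use of the root user."""
    return [(r["eventTime"], r["eventSource"], r["eventName"])
            for r in records if is_root_activity(r)]

def iam_actions_by_identity(records):
    """(identity type, ARN, action) for every call made to the IAM API."""
    return [(r["userIdentity"].get("type"), r["userIdentity"].get("arn"),
             r["eventName"])
            for r in records if r.get("eventSource") == "iam.amazonaws.com"]

if __name__ == "__main__":
    for finding in root_findings(SAMPLE["Records"]):
        print("ROOT USE:", *finding)
    for action in iam_actions_by_identity(SAMPLE["Records"]):
        print("IAM CALL:", *action)
```

The root launch of an EC2 instance is flagged, while the service-invoked event carrying a root identity is not.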