Comprehensive Guide to AWS Identity and Access Management (IAM)

→ Identity and Access Management is one of the first services you will use in AWS

→ IAM is a free service . There is no charge for you to define users, groups, roles, and access controls.

→ IAM is a global service. That means IAM resources are available to all regions of the AWS cloud.

→ IAM allows you to control access to all your AWS services using policies and assigning them to specific users in order to define operational groups like systems administrators, database administrators, and storage administrators.

→ IAM handles authentication and verification of access for a user, role or to a specific resource.

→ IAM is a tool that centrally manages and has access to launching, configuring, managing, and terminating resources in your AWS account

• Use IAM to manage access to AWS resources —

• A resource is an entity in an AWS account that you can work with Example resources: An Amazon EC2 instance or an Amazon S3 bucket

• IAM Control who can terminate Amazon EC2 instances

• define fine-grained access rights —

  → Who can access the resource

  → Which resources can be accessed and what can the user do to the resources

  → How resources can be accessed

  → IAM is a no-cost AWS Account feature

• IAM: Essential components

  IAM user:- A person or application that can authenticate with an AWS account.

  IAM group:- A collection of IAM users that are granted identical authorization.

  IAM policy:- The document that defines which resources can be accessed and the level of access to each resource.

  IAM role:- Useful mechanism to grant a set of permissions for making AWS service request.

  Example:- A user can assume a role to access a service that is not normally available, the user assumes the role, deals with the service as needed, and then reverts back to its usual access