Identity Access Management
IAM Introduction
IAM allows you to manage users and their level of access to the AWS Console. It is important to understand IAM and how it works, both for the exam and for administrating a company's AWS account in real life.
Things that IAM Provides
- Centralized control of your AWS account
- Shared Access to your AWS account
- Granular permissions
- Identity Federation (including Active Directory, Facebook, LinkedIn, etc.)
- Multi-factor Authentication
- Provides temporary access for users/devices and services, as necessary
- Allows you to setup your own password rotation policy
- Integrates with many different AWS services
- Supports PCI DSS Compliance, for any applications associated with the payment card industry.
IAM Terms to Know
- Users: End Users (think people).
- Groups: A collection of users under one set of permissions.
- Roles: Used to assign a set of permissions to AWS resources. For example, you might create a role that provides S3 access to an EC2 instance.
- Policies: A document that defines one (or more) permissions. Policies can be attached to either a User, a Group, or a Role. Once attached, a policy will grant to the assignee the permissions associated with that policy.