Table of contents:
Users
Groups
Policies
Roles
IAM - IAM stands for Identity and Access Management. In IAM we focus mainly on three things:
Dedicated
Authenticated
Authorization
You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. If you do not do this, everyone gets root access and can knowingly or unknowingly create or delete resources, which is not desired. To overcome this problem, AWS launched IAM.
You can grant different permissions to different people for different resources. For example, you might allow some users complete access to Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3). For other users, you can allow read-only access to just some S3 buckets, or permission to administer just some EC2 instances, or to access your billing information but nothing else.
This is the benefit of IAM: what an IAM user can do depends completely on the administrator.
Users: you need to create a user and then you need to attach some policies.
Groups: a group has a bunch of permissions. If you want to give the same set of permissions to a user, you can add the user to the group; whatever permissions the group has, the user also gets.
Roles: roles are similar to users, but not 100%, because roles are created for temporary purposes or to communicate within the AWS account.
Policies: you manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions.
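The read-only S3 case mentioned above, written out as an identity-based policy with a simplified evaluator to check requests against it. This is an added example, not from the original article: the bucket name and the is_allowed helper are assumptions, and the evaluator models only "explicit Deny wins, then Allow, otherwise deny", ignoring conditions, resource-based policies and the other layers of real AWS policy evaluation.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "example-reports-bucket"  # constructed bucket name (assumption)

# Identity-based policy: read-only access to one S3 bucket.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Listing is a bucket-level action, so the resource is the bucket ARN.
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": f"arn:aws:s3:::{BUCKET}",
        },
        {   # Reading is an object-level action, so the resource is bucket/*.
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policies, action, resource):
    """Simplified model: explicit Deny wins, then Allow, otherwise implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are case-insensitive; resource ARNs are not.
            action_hit = any(fnmatchcase(action.lower(), a.lower())
                             for a in _as_list(stmt["Action"]))
            resource_hit = any(fnmatchcase(resource, r)
                               for r in _as_list(stmt["Resource"]))
            if action_hit and resource_hit:
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


if __name__ == "__main__":
    print(json.dumps(READ_ONLY_POLICY, indent=2))  # policy document as JSON
    obj = f"arn:aws:s3:::{BUCKET}/2024/report.csv"
    for action in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
        print(action, is_allowed([READ_ONLY_POLICY], action, obj))
```

The same policy attached to a group gives every user in that group the same read-only access.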