What is IAM?
IAM is a global, free and consistent secure service that helps you securely control access to AWS resources where it can be used to control who can be authenticated and what resources can be used by them.
- If you create an account in AWS by following these steps, then you are a root user.
Best Practice: Avoid Using Services as an Root User. Create an Admin account for yourself/your organization to access all services in AWS.
The above picture is an example of AWS IAM Dashboard. Lets get into one by one.
Access Management
- User Groups
A user group is a collection of IAM users and allows you specify permissions for a collection of users.
- Users
Every Physical Person who wish to access (Read/Write) your services are a user.
- Roles
Roles are a secure way to grant permissions to entities(EC2 Instances, Lambda Functions, more...) that you trust.
- Policy
Policy define permission for an action regardless of the method that you use to perform the operation.
- Identity Provider
Identity Provider (IdP) is used to manage your user identities outside of AWS, but grant the user identities permissions to use AWS resources in your account.
Account Settings
- Password Policy
A password policy is a set of rules that define the type of password an IAM user can set.
- Security Token Service
AWS Security Token Service is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management users or for users that you authenticate.
Access Reports
- Access Analyzer
IAM Access Analyzer helps you review existing access, enabling you to identify and remove unintended external or unused permissions.
- Credential Report
A credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices.
- Organization
AWS Organizations is an account management service that lets you consolidate multiple AWS accounts into an organization that you create and centrally manage.