Overview#

AWS IAM is the Identity and Access Management for Amazon Web Services

AWS IAM has the following Entities:

• User in AWS user is a End-User which uses the AWS Management Console or an AWS API and consists of a NAME and Credential
• AWS Security Group in AWS is a collection (Group) of AWS Users.
• AWS Role in AWS is used to define Permissions to AWS Resources Authentication Methods and an Operator that is temporary. (Think OAuth Grant)
  • Can not be assigned to AWS Users
  • Can not be assigned to AWS Security Group

Policy in AWS is a document that defines one or more Permissions that is associated to a AWS user or Role.

• JSON can be attached to any of the above.
• Lists the specific APIs that is permitted for members of the Role (Think Scopes) (Permissions)
• May have dynamic components such as are they on a VPN or time of day or network, or location.
• May have a Implicit Deny which overrides any Allow permission.

AWS IAM Details#

• AWS IAM is Global and not Cloud Region or Cloud Zone specific.
• Root account is simply the account (EmailAddress) created when first setup.
• New AWS users have no permissions when created.
• New AWS users are assigned an Access Key ID and Secret Access Key.
• Access Key ID and Secret Access Key are used for the AWS API and AWS CLI from your local desktop
• Secret Access Key can only be viewed when created. Otherwise you must regenerate the Secret Access Key
• Password Policy is managed within AWS Management Console
• Supports PCI DSS Compliance

Category#

Amazon Web Services

More Information#

There might be more information for this subject on one of the following:

• AWS Serverless Application Repository
• Amazon Web Services