AWS IAM is the Identity and Access Management service for Amazon Web Services.
A User in AWS is an End-User who uses the AWS Management Console or an AWS API.
AWS Security Group in AWS is a collection (Group) of AWS Users.
A Role in AWS is used to define Permissions to AWS Resources, an Authentication Method, and an Operator that is temporary. (Think OAuth Grant)
A Policy in AWS is a document that defines one or more Permissions and is associated with an AWS User or Role.
- Is written in JSON and can be attached to any of the above.
- Lists the specific APIs that are permitted for members of the Role (Think Scopes) (Permissions)
- May have dynamic components, such as whether the caller is on a VPN, the time of day, the network, or the location.
- May have an Implicit Deny which overrides any Allow permission.
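The policy behaviour listed above (permitted APIs, dynamic conditions on network and time, and deny taking precedence over allow) can be seen in a small model. This is an added example, not AWS code and not from the original page: it is a simplified evaluator for a single policy, and the bucket name, CIDR range and dates are constructed. In AWS's own evaluation logic an explicit Deny statement overrides any Allow, and a request that matches no Allow is denied by default.

```python
import fnmatch
import ipaddress
from datetime import datetime

# Constructed sample policy: bucket name, CIDR range and dates are made up.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {
         "IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
         "DateGreaterThan": {"aws:CurrentTime": "2024-01-01T00:00:00Z"},
         "DateLessThan": {"aws:CurrentTime": "2025-01-01T00:00:00Z"}}},
    {"Effect": "Deny", "Action": ["s3:*"],
     "Resource": ["arn:aws:s3:::example-bucket/secret/*"]},
]}

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

# Only the three condition operators used above are modelled.
OPERATORS = {
    "IpAddress": lambda have, want: ipaddress.ip_address(have) in ipaddress.ip_network(want),
    "DateGreaterThan": lambda have, want: _ts(have) > _ts(want),
    "DateLessThan": lambda have, want: _ts(have) < _ts(want),
}

def _matches(stmt, action, resource, context):
    """True if the statement applies to this request (simplified matching)."""
    if not any(fnmatch.fnmatchcase(action, p) for p in stmt["Action"]):
        return False
    if not any(fnmatch.fnmatchcase(resource, p) for p in stmt["Resource"]):
        return False
    for op, keys in stmt.get("Condition", {}).items():
        for key, want in keys.items():
            # A context key missing from the request fails the condition.
            if key not in context or not OPERATORS[op](context[key], want):
                return False
    return True

def evaluate(policy, action, resource, context):
    """Explicit Deny wins; otherwise Allow; otherwise denied by default."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, action, resource, context)}
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"
```

Calling `evaluate` with a request context such as `{"aws:SourceIp": "203.0.113.10", "aws:CurrentTime": "2024-06-01T12:00:00Z"}` shows how the same API call flips between the three outcomes as the source address, time or resource path changes.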
AWS IAM Details