Overview#

AWS IAM is the Identity and Access Management for Amazon Web Services

User in AWS user is a End-User which uses the AWS Management Console or an AWS API

AWS Security Group in AWS is a collection (Group) of AWS Users.

Roles in AWS is used to define Permissions to AWS Resources Authentication Method and an Operator that is temporary. (Think OAuth Grant)

Policy in AWS is a document that defines one or more Permissions that is associated to a AWS user or Role.

• JSON can be attached to any of the above.
• Lists the specific APIs that is permitted for members of the Role (Think Scopes) (Permissions)
• May have dynamic components such as are they on a VPN or time of day or network, or location.
• May have a Implicit Deny which overrides any Allow permission.

AWS IAM Details#

• AWS IAM is Global and not Cloud Region or Cloud Zone specific.
• Root account is simply the account (EmailAddress) created when first setup.
• New AWS users have no permissions when created.
• New AWS users are assigned an Access Key ID and Secret Access Key.
• Access Key ID and Secret Access Key are used for the AWS API and AWS CLI from your local desktop
• Secret Access Key can only be viewed when created. Otherwise you must regenerate the Secret Access Key
• Password Policy is managed within AWS Management Console
• Supports PCI DSS Compliance

More Information#

There might be more information for this subject on one of the following:

• AWS Serverless Application Repository
• Amazon Web Services