!!! Overview
[{$pagename}] is the [Identity and Access Management] for [Amazon Web Services]

[{$pagename}] has the following [Entities]:
* [User] in [AWS] user is a [End-User] which uses the [AWS Management Console] or an [AWS API] and consists of a [NAME] and [Credential]
* [AWS Security Group] in [AWS] is a collection ([Group]) of [AWS] [Users].
* [AWS Role] in [AWS] is used to define [Permissions] to [AWS] [Resources] [Authentication Methods] and an Operator that is temporary. (Think OAuth Grant)
** Can not be assigned to [AWS] Users
** Can not be assigned to [AWS Security Group]

[Policy] in [AWS] is a document that defines one or more [Permissions] that is associated to a [AWS] [user] or [Role].
* JSON can be attached to any of the above.
* Lists the specific [APIs] that is permitted for members of the Role (Think Scopes) ([Permissions])
* May have dynamic components such as are they on a VPN or time of day or network, or location.
* May have a Implicit Deny which overrides any Allow permission.!! [{$pagename}] Details
* [{$pagename}] is Global and not [Cloud Region] or [Cloud Zone] specific.
* Root account is simply the account ([EmailAddress]) created when first setup. 
* New [AWS] users have no permissions when created.
* New [AWS] users are assigned an Access Key ID and Secret Access Key.
* Access Key ID and Secret Access Key are used for the [AWS API] and [AWS CLI] from your local desktop
* Secret Access Key can only be viewed when created. Otherwise you must regenerate the Secret Access Key
* [Password Policy] is managed within [AWS Management Console]
* Supports [PCI DSS] [Compliance]

!! Category
%%category [Amazon Web Services]%%

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]