
IAM (Identity and Access Management)

Brian Washington

IAM lets you manage the identities (users, groups, roles) in your AWS account and control exactly which AWS resources and API actions each of them may use, whether they come in through the console, the CLI or the APIs.

IAM offers the following features:

  • Centralized control of your AWS account

  • Shared access to your AWS account without sharing credentials

  • Granular permissions (down to a single action on a single resource)

  • Identity Federation (including Active Directory, Facebook, LinkedIn, etc.)

  • Multi-factor Authentication (MFA)

  • Temporary access (short-lived credentials) for users, devices and services where needed

  • Lets you define your own password policy, including rotation

  • Integrates with many different AWS services

  • Supports PCI DSS compliance


Key Terminology

  1. Users - End users such as people (employees of an organization, etc.) or applications that need their own long-lived credentials.

  2. Groups - A collection of users. Each user in a group inherits the permissions attached to that group, which is the normal way to grant permissions to people.

  3. Policies - Policies are JSON documents, called policy documents. Each statement in a policy document says which actions (e.g. s3:GetObject) a user, group or role is allowed or denied to perform on which resources.

  4. Roles - An identity with its own permissions that is assumed rather than logged into. You create a role and assign it to AWS resources (an EC2 instance, a Lambda function) or let a user or federated identity assume it; whoever assumes it receives temporary credentials instead of a long-lived password or key.
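To make the policy-document terminology concrete, here is a small evaluator (an added example, not AWS code or the author's) that applies the two rules every IAM user needs to internalise: a request is implicitly denied unless some attached policy allows it, and an explicit Deny beats any Allow no matter which policy it sits in. The policy documents, ARNs and the `evaluate` function are constructed for this illustration; Condition blocks, NotAction/NotResource, resource-based policies and SCPs are deliberately left out.

```python
"""IAM-style policy evaluation (added illustration, not AWS or author code).

Implements the two core rules for identity-based policies in one account:
  * implicit deny: nothing is permitted until an attached policy allows it,
  * explicit deny: any matching Deny statement overrides every Allow.
Condition keys, NotAction/NotResource, resource-based policies and SCPs are
intentionally out of scope. All policy documents below are constructed samples.
"""
import json
import re

# Constructed sample policy: read-only access to one bucket, plus an explicit
# deny on any delete action anywhere.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadOnlyExampleBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-bucket",
                "arn:aws:s3:::example-bucket/*",
            ],
        },
        {
            "Sid": "NeverDelete",
            "Effect": "Deny",
            "Action": "s3:Delete*",
            "Resource": "*",
        },
    ],
})

# Constructed sample: a full-admin policy, as a group might carry. Attaching it
# alongside SAMPLE_POLICY shows that the explicit deny still wins.
ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
})


def _as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """IAM wildcard matching: '*' is any run of characters, '?' one character.
    Everything else is literal (no character classes, unlike fnmatch)."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def evaluate(policy_documents, action, resource):
    """Evaluate one request against every policy attached to the identity
    (directly or inherited from its groups).

    Returns 'Allow', 'ExplicitDeny' or 'ImplicitDeny'. Action names are
    matched case-insensitively, resource ARNs case-sensitively, as in IAM."""
    allowed = False
    for document in policy_documents:
        for statement in _as_list(json.loads(document)["Statement"]):
            actions = [a.lower() for a in _as_list(statement.get("Action"))]
            resources = _as_list(statement.get("Resource"))
            if not any(_matches(a, action.lower()) for a in actions):
                continue
            if not any(_matches(r, resource) for r in resources):
                continue
            if statement["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny ends evaluation
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/readme.txt"
    for docs, act in [([], "s3:GetObject"),  # a brand-new user, no policies
                      ([SAMPLE_POLICY], "s3:GetObject"),
                      ([SAMPLE_POLICY], "s3:PutObject"),
                      ([SAMPLE_POLICY, ADMIN_POLICY], "s3:DeleteObject")]:
        print(f"{act:18} with {len(docs)} policy document(s):",
              evaluate(docs, act, obj))
```

The empty-list case is the state of a freshly created user: with no policy attached, every call comes back as an implicit deny. The last case shows why a Deny statement is the safe way to carve out exceptions: even a group policy granting `*` on `*` cannot override it.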



  • IAM is a global service. Users, groups, roles and policies are not tied to a region; they apply across every region in the account.

  • The "root account" (root user) is simply the identity created when you first set up your AWS account. It has complete, unrestricted admin access to everything in the account, so it should not be used for day-to-day work.

  • New users have NO permissions when first created. Everything is implicitly denied until a policy is attached to the user, or to a group the user belongs to.

  • New users can be issued an Access Key ID and Secret Access Key when first created. These are not the same as a password. You cannot use the Access Key ID and Secret Access Key to log in to the console; they are used to access AWS via the APIs and the command line.

  • You only get to view the Secret Access Key once, at creation time. If it is lost it cannot be recovered; you must create a new key pair (and deactivate the old one), so save it in a secure location.

  • Always set up Multi-factor Authentication on the root user.

  • You can create and customize your own password policy, including rotation requirements.
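What the Access Key ID and Secret Access Key are actually used for, as an added example that is not part of the original post: a by-hand implementation of the AWS Signature Version 4 scheme that the CLI and SDKs use to sign API requests. The key ID travels in the Authorization header so the service can look up the matching secret; the secret itself never leaves the client and only seeds a chain of HMACs. That is also why a key pair cannot log you into the console, which uses a password (plus MFA) session instead. The credentials are the placeholder values AWS uses in its own documentation, the S3 GET in `example_s3_get` is constructed, and the signing code is written out here rather than taken from boto3.

```python
"""AWS Signature Version 4, written out by hand (added example, not AWS code).

This is what programmatic credentials are for. The Access Key ID is sent in
clear in the Authorization header so the service can look up the matching
secret; the Secret Access Key never leaves the client and is only used to
derive HMAC signing keys. Console login is a different mechanism entirely
(password plus MFA), which is why a key pair cannot be used to log in there.
"""
import hashlib
import hmac
from urllib.parse import quote

# Placeholder credentials AWS uses throughout its own documentation; they are
# not valid keys.
ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret: str, date_stamp: str, region: str, service: str) -> bytes:
    """Derive the per-day / per-region / per-service signing key.

    The chain of HMACs means the long-lived secret is never applied to a
    request directly, and a leaked derived key only works for that one
    day, region and service."""
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign_request(method, host, path, query, headers, body, region, service,
                 amz_date, access_key_id=ACCESS_KEY_ID,
                 secret=SECRET_ACCESS_KEY):
    """Return the Authorization header value for one request.

    query: dict of query-string parameters; headers: dict of headers to sign
    (host and x-amz-date are added here); amz_date: ISO 8601 basic timestamp
    such as '20130524T000000Z'. Every signed field is bound into the
    signature, so nobody on the path can alter it without invalidating
    the request."""
    date_stamp = amz_date[:8]
    canon = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    canon["host"] = host
    canon["x-amz-date"] = amz_date
    signed_headers = ";".join(sorted(canon))
    canonical_request = "\n".join([
        method.upper(),
        quote(path, safe="/-_.~"),
        "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                 for k, v in sorted(query.items())),
        "".join(f"{k}:{canon[k]}\n" for k in sorted(canon)),
        signed_headers,
        sha256_hex(body),
    ])
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                sha256_hex(canonical_request.encode("utf-8"))])
    signature = hmac.new(signing_key(secret, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key_id}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")


def example_s3_get(secret: str = SECRET_ACCESS_KEY) -> str:
    """Sign a constructed S3 GET (the shape AWS's own documentation uses):
    GET /test.txt from examplebucket, first ten bytes, empty body."""
    body = b""
    return sign_request(
        method="GET",
        host="examplebucket.s3.amazonaws.com",
        path="/test.txt",
        query={},
        headers={"Range": "bytes=0-9",
                 # S3 additionally requires the body hash as a signed header
                 "x-amz-content-sha256": sha256_hex(body)},
        body=body,
        region="us-east-1",
        service="s3",
        amz_date="20130524T000000Z",
        secret=secret,
    )


if __name__ == "__main__":
    print("Authorization:", example_s3_get())
```

Two things worth noticing from a security point of view: the secret is only ever an HMAC key, so it is never transmitted and cannot be recovered from a captured request, and the timestamp and scope are part of what is signed, so a captured Authorization header is useless for a different day, region or service. None of that helps if the key pair itself leaks, which is why the notes above stress storing it securely.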
