AWS Identity and Access Management (IAM) is a popular, free-to-use, and significant web service that allows end users to manage users, groups, roles, credentials, identity federation (to allow corporate users to get temporary access to an AWS account), multi-factor authentication, and user permissions in
- To centrally manage user accounts and get consolidated billing rather than having user accounts per user; in simple terms, a single AWS account and multiple users
- To allow access to AWS resources from specific networks and easily manage security credentials
- To use multi-factor authentication for sign in
- To get an Access Key ID and Secret Access Key unique per user
- To group users so that they can be given similar permissions
Roles are assigned to AWS resources. A policy is a set of permissions.
What are Root Account Credentials?
When we sign up for a Free Tier account, for example, we provide an email and password. We use this email and password to log in to the AWS Management Console. This combination of email and password is known as "Root Account Credentials." They give administrative access to all resources in the AWS account.
There are pre-built policy templates such as Administrator Access, Power User Access (no user and group management), and Read Only Access.
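How the three templates named above differ in practice, as an added example that is not from the original post: a simplified Python evaluator run over constructed stand-in policies, which are not the exact AWS managed policy documents. It looks at actions only (Resource and Condition are ignored), and the function names and sample actions are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed, simplified stand-ins for the three templates; these are NOT
# the exact AWS managed policy documents.
ADMINISTRATOR_ACCESS = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
POWER_USER_ACCESS = {"Statement": [
    # NotAction: allow everything except the IAM namespace.
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}
READ_ONLY_ACCESS = {"Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:Get*", "s3:List*", "iam:Get*", "iam:List*"]}]}

TEMPLATES = {"Administrator Access": ADMINISTRATOR_ACCESS,
             "Power User Access": POWER_USER_ACCESS,
             "Read Only Access": READ_ONLY_ACCESS}

# Constructed sample requests (real action names, chosen for illustration).
SAMPLE_ACTIONS = ["ec2:RunInstances", "ec2:DescribeInstances", "s3:GetObject",
                  "iam:CreateUser", "iam:ListUsers"]

def _matches(patterns, action):
    """IAM action names are case-insensitive and may contain wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def statement_applies(stmt, action):
    if "NotAction" in stmt:
        return not _matches(stmt["NotAction"], action)
    return _matches(stmt.get("Action", []), action)

def is_allowed(policies, action):
    """Explicit Deny wins, then any Allow; no match is an implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not statement_applies(stmt, action):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def compare(actions=SAMPLE_ACTIONS):
    """Map each template name to the sample actions it permits."""
    return {name: [a for a in actions if is_allowed([policy], a)]
            for name, policy in TEMPLATES.items()}

if __name__ == "__main__":
    for name, permitted in compare().items():
        print(f"{name}: {permitted}")
```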
IAM provides a very granular level of control and automated policy creation. Let's take the example of a sample spring file deployment on AWS. IAM can be helpful in creating Amazon EC2 instances, installation and configuration of an
- IAM is not a region-specific service. It is
- IAM allows you to manage users, groups and roles and their corresponding level of access to the AWS Platform
- Power User Access allows access to all AWS services except for management of groups and users within IAM
- An AWS user cannot log in to the AWS Management Console using the Access Key ID and Secret Access Key. An admin must generate a password for the user and supply the user with this password, as well as the unique link to sign in to the AWS Management Console
- Centralised control of your AWS account
- Integrates with an existing Active Directory account, allowing single sign-on
- Fine-grained access control to AWS resources
- The ability to create Users/Groups/Roles
- Root account has administrative access
- IAM provides a very granular level of control and automated policy creation.
Note that Password Policy is renamed to Account Settings.