This repository has been archived by the owner on Aug 1, 2024. It is now read-only.
Identity and Access Management (IAM) - Allows you to manage users and their level of access to the AWS Console.
- Centralized control of AWS account
- Shared access to AWS account
- Granular permissions
- Identity Federation (AD, FB, LinkedIn, etc.)
- Multifactor Authentication
- Provide temporary access for users/devices/services
- Allows you to set up a password rotation policy
- Integrates with many services
- Supports PCI DSS Compliance
Critical Terms
Users - End users
Groups - Collection of users under one set of permissions (Admins, HR, etc.)
Roles - Create roles and assign them to AWS resources (e.g. giving an EC2 instance a role for writing to EC2)
Policies - A document that defines one or more permissions. Apply policies to users, groups, and roles
IAM does not use the concept of regions.
You can create cross-account roles (e.g. you hire a company to do an audit; the user that you provide to the auditor can be cross-account).
Never use your root account for day-to-day work. ALWAYS create new users.
Remember: The "Add user" confirmation window (where the security and access key is shown) is only displayed ONCE. If you lose access, you will have to regenerate the keys.
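The cross-account auditor role mentioned above depends on its trust policy, the policy document that says who may assume the role. The following is an added example, not code from this repository: it builds such a trust policy and checks trust policies for two common mistakes. The account ID, the external ID value and the function names are assumptions made for illustration, and the check treats every AWS principal as belonging to another account.

```python
import json

AUDITOR_ACCOUNT = "111122223333"  # constructed placeholder account ID

def auditor_trust_policy(account_id, external_id):
    """Trust policy letting only the auditor's account assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def trust_policy_findings(policy):
    """Return human-readable problems found in a role trust policy."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        principals = [aws] if isinstance(aws, str) else list(aws or [])
        if "*" in principals:
            findings.append(f"statement {i}: any AWS principal may assume the role")
        conditions = stmt.get("Condition", {})
        has_external_id = any("sts:ExternalId" in keys for keys in conditions.values())
        # Service principals (e.g. EC2) have no AWS principals and are skipped here.
        if principals and not has_external_id:
            findings.append(f"statement {i}: cross-account trust without sts:ExternalId")
    return findings

# Constructed weak policy, shown for contrast with auditor_trust_policy().
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    good = auditor_trust_policy(AUDITOR_ACCOUNT, "audit-example-id")
    print(json.dumps(good, indent=2))
    print(trust_policy_findings(good))
    print(trust_policy_findings(WEAK_TRUST))
```
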