Allows to manage users, groups, policies, roles ...
IAM offers the following feature
-
Centralised controls of AWS account
-
Shared Access
-
Granular Permissions
-
Identity Federation (AD, GSuite, ...)
-
Multifactor Authentication
-
Provide temporary access for users/devices and services where nessary
-
Allows to set up password rotation policy
-
Integrates with many different AWS services
-
Supports PCI DSS Compliance
-
IAM is universal, any activity is on Global region, not any specific region.
-
The "root account" is simply the account created when first setup AWS account, it has complete Admin access
-
New Users have NO permissions when first created
-
New Users are assigned Access Key ID & Secret Access Keys when first created
-
These are not the same as password. Cannot user Access Key ID & Secret Access Key to login to console, we can use this to access AWS via the APIs and Command Line, however (programmatic access)
-
View these once. If lose them we have to regenerate
-
Always setup Multifactor Authentication on root account.
-
Can create and customise password rotation policies
Create group and select the policies to be attached to the group.
Policy: json defined permissions
IAM roles are a secure way to grant permissions to entities that you trust.
