AWS Identity & Access Management

AWS Identity & Access Management

IAM Introduction: 

If you want to control who are the users who will have access to what services, access to control policies and how they will use them, all these can be done by AWS IAM concepts by configuring users, groups, and access control policies.

AWS IAM is configured by following methods:

• Via AWS management control
• Via CLI
• Via AWS SDK

Principals:

A principal is an IAM entity which interacts to AWS resources. There are three types of principal available in AWS, Root users, IAM users, Roles/temporary security tokens. Principal can be temporary or permanent.

Root User:

Root user is a user which has complete access to your AWS account, as soon as you will create the account in AWS you will act as root user.  It has all privilege to perform any work in your account.

IAM Users:  

IAM users are individual users whose accounts are created to perform certain duties, like IAM users of your operation tem. These users can be created by IAM administrators at any time via AWS console, CLI, SDK.

Roles/Temporary Security Tokens:

Roles are specific task which is associated to any IAM users, which they can perform once it is assigned to them. It is specific privilege which is granted to IAM users. AWS provides

When a role is assigned to users then users will use the temporary security tokens from AWS Security Token Service (STS) to access the AWS cloud service.