IAM

What is IAM

AWS IAM (Identity and Access Management) is like the security guard for your AWS cloud. It helps you control who can access your AWS resources (like servers, databases, or storage) and what they are allowed to do with them.

Identity: It manages users, groups, and roles (the “who”).

Access Management: It controls permissions—what actions those users or roles can perform (the “what”).

So, with IAM you can say things like:

“Alice can only read files in this storage bucket.”

“Bob can start or stop servers.”

“This app can access the database but cannot delete anything.”

The key building blocks of AWS IAM:

  • Users: Individual identities (like your employees or team members) who need access to AWS resources.

  • Groups: Collections of users. Instead of giving permissions to each user one by one, you assign permissions to groups and add users to those groups.

  • Roles: Identities that AWS services, applications, or users from outside your account can assume to receive temporary credentials. Useful for granting access without sharing passwords or long-term credentials.

  • Policies: The rules that define what actions users, groups, or roles are allowed (or denied) to do on which resources. Written in JSON, they specify permissions like “read-only” or “full access.”

  • Permissions: The actual allowed or denied actions that come from policies attached to users, groups, or roles.

  • Identity Providers (IdPs): External services (like Google, Facebook, or your company’s Active Directory) that allow users to sign in to AWS without creating a separate AWS user.
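As an added illustration (not code from the page or from AWS), here are two constructed IAM policy documents encoding the page's own examples, plus a small evaluator that applies the two rules every IAM practitioner should know: everything is denied by default, and an explicit Deny wins over any Allow. The bucket, table, region and account id are placeholders, and conditions and principals are not modelled.

```python
import fnmatch
import json


def _matches(pattern, value):
    """IAM-style wildcard match: '*' and '?' in Action/Resource patterns."""
    return fnmatch.fnmatchcase(value, pattern)


def _as_list(x):
    return x if isinstance(x, list) else [x]


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: default deny; an explicit Deny in any
    matching statement wins over any Allow (conditions/principals ignored)."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_matches(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny always wins
        allowed = True
    return allowed


# Constructed policy for "Alice can only read files in this storage bucket".
ALICE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
  }]
}""")

# Constructed policy for "this app can access the database but cannot delete
# anything": a broad Allow plus an explicit Deny on delete actions, which wins.
# 123456789012 is a placeholder account id.
APP_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:*",
     "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/example-table"},
    {"Effect": "Deny", "Action": ["dynamodb:DeleteItem", "dynamodb:DeleteTable"],
     "Resource": "*"}
  ]
}""")
```

Writes by Alice or deletes by the app fall through to the default deny or hit the explicit Deny, while reads succeed.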

Summary:

  • Users + Groups + Roles = Who

  • Policies + Permissions = What they can do
