IAM
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization).
IAM Features
- Centralized control of your AWS account
- Shared access to AWS account
- Granular Permissions
- Identity Federation (Active Directory)
- Multifactor Authentication
- Provide temporary access to users/devices where necessary
- Allows you to set up your own password rotation policy
- Integrates with many AWS services
- Supports PCI DSS compliance
- Free AWS service and a Global Service
IAM components
- Users — Think of a person
- Groups — One or more users with similar permissions
- Roles — Roles can be assigned to AWS resources
- Policies — A document that defines one or more permissions
