AWS IAM - Identity and Access Management

IAM is a region-agnostic (global) service: it manages users, groups, roles and policies regardless of the region or zone in which your resources run.

When you are in the IAM dashboard you'll notice an "IAM users sign-in link" label and, next to it, a link that looks a bit random. This link is the specific sign-in link for your account, and the number in the link is your account number. For branding, or simply to make it easier to remember, you can change that number to something friendlier by clicking the "Customize" link. For example, here I changed the text to moresoft:


What are IAM roles?

IAM roles are a secure way to grant permissions to entities that you trust. These could be users in another account, an application running on an EC2 instance, an AWS service, users from a corporate directory, etc.
IAM roles issue credentials that are valid only for short durations, which makes them a secure way to grant access. An IAM role is an identity that defines a set of permissions for making AWS service requests. IAM roles are not associated with specific users or groups; instead, trusted identities assume roles.
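
The trust relationship is what decides who may assume a role. As an added example (not code from the original post), the following Python builds a role trust policy for the kinds of trusted entities listed above (an AWS service such as EC2, or a principal in another account) and then reviews it for two common weaknesses: trusting every AWS principal, and trusting another account without any condition such as sts:ExternalId. Account numbers and the external ID are constructed placeholders.

```python
"""Build and review IAM role trust policies (added example, not from the post)."""
import json

def trust_policy(principals, external_id=None):
    """Return a trust policy allowing the given principals to assume the role.

    principals: service names such as 'ec2.amazonaws.com' or AWS principal
    ARNs such as 'arn:aws:iam::222222222222:root'. For cross-account trust,
    pass external_id so only a caller that knows it can assume the role.
    """
    statements = []
    for p in principals:
        principal = {"Service": p} if p.endswith(".amazonaws.com") else {"AWS": p}
        stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
        if "AWS" in principal and external_id:
            stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
        statements.append(stmt)
    return {"Version": "2012-10-17", "Statement": statements}

def trust_findings(policy, own_account):
    """Return a list of human-readable findings for risky Allow statements."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":            # normalise the shorthand form
            principal = {"AWS": "*"}
        aws = principal.get("AWS")
        if aws == "*":
            findings.append("trusts any AWS principal (Principal '*')")
            continue
        if isinstance(aws, str):
            # account id is the 5th field of an IAM ARN; bare ids are allowed too
            account = aws.split(":")[4] if aws.startswith("arn:") else aws
            if account != own_account and "Condition" not in stmt:
                findings.append(f"cross-account trust of {account} without a condition "
                                "(e.g. sts:ExternalId)")
    return findings

if __name__ == "__main__":
    # constructed placeholder values, not real accounts
    policy = trust_policy(["arn:aws:iam::222222222222:root"], external_id="example-ext-id")
    print(json.dumps(policy, indent=2))
    print(trust_findings(policy, own_account="111111111111"))
```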

What is a user?

A user is a unique identity recognized by AWS services and applications. A user has a unique name and can identify itself using familiar security credentials such as a password or access key. A user can be an individual, system or application requiring access to AWS services.

What is a group?

A group is a collection of IAM users. Group membership is managed as a simple list:
  • A user can belong to multiple groups.
  • Groups cannot belong to other groups.
  • Groups can be granted permissions using access control policies.
  • Groups do not have security credentials and cannot access web services directly. They exist solely to make it easier to manage user permissions.
