AWS - IAM

IAM

Identity and Access Management, a web service that manages who can access AWS resources and to what extent.

IAM Users

An individual person or application that interacts with AWS.

IAM Groups

A collection of IAM users that share similar access needs, simplifying permission management.

IAM Roles

A set of permissions that can be assumed by users or other AWS services.

Policies

JSON documents that define permissions by either allowing or denying access to specific resources.

Federated Account Access

Set up with AWS IAM to authenticate users from identity providers.

MFA

Multi-Factor Authentication that enhances security by requiring additional verification for actions.

Service Control Policies (SCPs)

Policies that limit what accounts can do under an organization’s structure, creating a permission ceiling.

Resource-Based Policies

Attached to resources, allowing access to users or roles in other AWS accounts.

Tag-Based Access Control

Access management using key-value pairs attached to IAM principals and AWS resources.

Access Control Lists (ACLs)

Control access for principals in different accounts.

User Characteristics

Typically, an IAM user will have a username and password for console access, as well as access keys for programmatic access.

Explicit Deny

AWS follows rules where anything explicitly denied cannot be accessed.

Role Assumption

A process where an instance temporarily assumes a different role in another account, defined with trust policies.

Permission Sets

Reusable collections of permissions that define specific access levels within AWS environments.