We’ve already seen What is IAM in AWS in our previous post, In this post we will be focussing on IAM Components in AWS. There are 6 IAM Components in AWS.
IAM provides the infrastructure necessary to control authentication and authorization for your account. The IAM infrastructure includes the following elements or components.
Let’s try to understand each component in brief.
A principal is a person or application that can make a request for an action or operation on an AWS resource. Basically principal is someone who will do some work or operation. The principal can be a user, role, federated user or application.
The work which principal will do based on authentication is called a request. When a principal tries to use the AWS Management Console, the AWS API, or the AWS CLI, that principal sends a request to AWS. Request is basically set of operations.
When we create a user so he/she is authenticated to use AWS account is called Authentication. A principal must be authenticated (signed in to AWS) using their credentials to send a request to AWS.
Now what level of operation that user can perform depends on his Authorization. So basically it is level of permission which is determined by policies.
Actions or Operations
After your request has been authenticated and authorized, AWS approves the actions or operations in your request. Action is the work which Principal has requested.
A resource is an object that exists within a service. A resource is an object where actions are performed.
So this was brief about components of IAM AWS which should be sufficient to get started, If you want to get in depth of each you can click here.