What is IAM in AWS

In this post we’re going to see What is IAM in AWS. IAM stands for Identity and Access Management. AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

  • IAM is web service that enables AWS Customers to manage users their permission and access level.
  • With IAM AWS customer sets user permissions, roles and allows you to grant access to different services of AWS.

What is AWS Root User?

When you create an account with email id and password for the first time, the account which gets created is Root Account and the user is called AWS Root user. So basically, Root user is the sole owner of the account which has permission for everything. He can create users, assigns role and permissions and most importantly has access to billing dashboard.

What are the features of IAM?

  1. Centralized Control & Shared Access of AWS Accounts.
  2. Secure access to AWS resources for applications that run on Amazon EC2
  3. Granular permissions (Access to Only Particular Services)
  4. Multi-factor authentication (MFA)
  5. Temporary Credentials
  6. Identity federation
  7. Flexible Security Credential Management
  8. Integrate with Many AWS Services.
  9. Free to use
  10. Eventually Consistent (Across Amazon data center around world)

Authentication and Authorization

  • When we create a user so he/she is authenticated to use AWS account is called Authentication.
  • Now what level of operation that user can perform depends on his Authorization. So basically it is level of permission.

Important Points:

IAM user limit if 5000 per AWS Account, You can add upto 10 users per time.

IAM service is global service, i.e. it is independent of region.

You are limited to 300 group per AWS account.

You are limited to 1000 IAM roles under AWS account.

Default limit of Managed Policies attached to IAM user or IAM role is 10.

IAM user can be a member of 10 group maximum.

We can assign to access keys maximum to IAM user

IAM Identities in AWS

Users: End User

Groups: A collection of users 

Role: Role is basically an AWS Service

Policy: Policy defines Authorization for Users and Roles. User/Roles creates Authentication whereas policy attached to user/role defines authorization.

So this is Introduction to IAM, In the next post will be seeing IAM Components.

3 thoughts on “What is IAM in AWS

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s