In this post we're going to see what IAM in AWS is. IAM stands for Identity and Access Management. AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
- IAM is a web service that enables AWS customers to manage users, their permissions and their access levels.
- With IAM an AWS customer sets user permissions and roles, and grants access to different AWS services.
What is AWS Root User?
When you create an account with an email ID and password for the first time, the account that gets created is the Root Account and the user is called the AWS Root user. So basically, the Root user is the sole owner of the account and has permission for everything. It can create users, assign roles and permissions, and most importantly has access to the billing dashboard.
What are the features of IAM?
- Centralized Control & Shared Access of AWS Accounts.
- Secure access to AWS resources for applications that run on Amazon EC2
- Granular permissions (Access to Only Particular Services)
- Multi-factor authentication (MFA)
- Temporary Credentials
- Identity federation
- Flexible Security Credential Management
- Integrates with many AWS services.
- Free to use
- Eventually consistent (across Amazon data centers around the world)
Authentication and Authorization
- When we create a user, that user is authenticated to use the AWS account; this is called Authentication.
- What operations that user can perform depends on their Authorization. So basically it is the level of permission.
The IAM user limit is 5000 per AWS account. You can add up to 10 users at a time.
IAM is a global service, i.e. it is independent of region.
You are limited to 300 groups per AWS account.
You are limited to 1000 IAM roles per AWS account.
The default limit of managed policies attached to an IAM user or IAM role is 10.
An IAM user can be a member of 10 groups maximum.
We can assign a maximum of two access keys to an IAM user.
IAM Identities in AWS
Users: end users
Groups: a collection of users
Role: a role is basically an identity assumed by an AWS service
Policy: a policy defines authorization for users and roles. Users and roles provide authentication, whereas the policy attached to a user or role defines authorization.
So this is the introduction to IAM. In the next post we will be seeing IAM components.