IAM policy is a JSON document that defines permissions for users and resources. To uniquely identify AWS resources, Amazon Resource Names (ARNs) are used.Continue reading “[AWS] Policies”
Identity and Access Management (IAM) provides the centralized management of your AWS account. It manages who can access what in your AWS services. Access control is done via policies that can be attached to users, groups, and roles.
- IAM is a global service that is not tied to a region.
- Users and policies can be used globally.
- Users are given long-term credentials to access AWS resources (username/password or access keys).
- Roles allow for short-term access to resources when assumed, using temporary access credentials.
- IAM can work with Identity Federation such as Active Directory or Web Identity Federation (Facebook, Google, etc.)