[AWS] Identity and Access Management (IAM)

Identity and Access Management (IAM) provides centralized management of your AWS account. It controls who can access what in your AWS services. Access control is done through policies that can be attached to users, groups, and roles.

  • IAM is a global service that is not tied to a region.
    • Users and policies can be used globally.
  • Users are given long-term credentials to access AWS resources (username/password or access keys).
  • Roles allow for short-term access to resources when assumed, using temporary access credentials.
  • IAM can work with identity federation, such as Active Directory or Web Identity Federation (Facebook, Google, etc.).
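
As an added illustration (not code from the original post), this Python example shows how policies attached to a user directly and through a group combine into one access decision: an explicit Deny wins, then any matching Allow, otherwise the request is denied by default. The policy documents, user and group names, bucket ARN and helper functions are constructed for the example, and it models identity-based policies only (no Condition, NotAction or NotResource elements, permissions boundaries, or resource-based policies).

```python
import re

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(x):
    # Policy JSON allows a single value or a list for Statement/Action/Resource.
    return x if isinstance(x, list) else [x]

def effective_policies(user, attachments):
    """Policies that apply to a user: attached directly plus via each group."""
    docs = list(attachments["users"].get(user, []))
    for group, members in attachments["group_members"].items():
        if user in members:
            docs += attachments["groups"].get(group, [])
    return docs

def is_allowed(policies, action, resource):
    """Explicit Deny wins; otherwise any matching Allow; otherwise implicit deny."""
    allowed = False
    for doc in policies:
        for stmt in _as_list(doc["Statement"]):
            hit = (any(_match(a, action, True) for a in _as_list(stmt["Action"]))
                   and any(_match(r, resource) for r in _as_list(stmt["Resource"])))
            if hit and stmt["Effect"] == "Deny":
                return False
            allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

# Constructed sample data (hypothetical names and bucket).
READ_LOGS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-logs", "arn:aws:s3:::example-logs/*"]}]}
NO_SECRETS = {"Version": "2012-10-17", "Statement": {
    "Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::example-logs/secrets/*"}}
ATTACHMENTS = {
    "users": {"alice": [NO_SECRETS]},               # attached directly to the user
    "groups": {"auditors": [READ_LOGS]},            # attached to the group
    "group_members": {"auditors": {"alice", "bob"}},
}

def check(user, action, resource):
    return is_allowed(effective_policies(user, ATTACHMENTS), action, resource)

if __name__ == "__main__":
    print(check("alice", "s3:GetObject", "arn:aws:s3:::example-logs/2024/app.log"))
    print(check("alice", "s3:GetObject", "arn:aws:s3:::example-logs/secrets/key.pem"))
```
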