Slide-1:
Identity and Access Management (IAM)?
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users.
You use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization).
Slide-2:
Main Components of IAM?
- IAM Users
- IAM Groups
- IAM Roles
- IAM Policies
Slide-3:
IAM Users
- Users – End users
- “Root” account users have full access by default
- Newly created users have no permissions to do anything: implicit denial for all services.
- Permissions must be explicitly granted.
- Users manage their own username / password to log in to the AWS Console.
- AWS credentials are used for making API calls to interact with AWS services:
  a. Access Key ID
  b. Secret Key
Slide-4:
IAM Roles
IAM users or AWS services can assume a role to obtain temporary security credentials that can be used to make AWS API calls.
Roles define permissions much like an IAM User.
IAM Roles do NOT have:
- A username/password, as an IAM User can
- AWS credentials that can be retrieved, as an IAM User's credentials can
Permissions of an IAM Role can be granted / assigned to, for example, an EC2 instance – ReadOnlyAccessEC2
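The implicit denial from Slide-3 and the ReadOnlyAccessEC2 role example from Slide-4 can be made concrete with a small model of how identity policies are evaluated. This is an added example, not code from the slides or from AWS: the policy statements, the ARN and the function names are assumptions, and it goes beyond the slides by also showing that an explicit Deny overrides an Allow. It covers identity policies only (no conditions, resource policies or other policy types).

```python
import fnmatch

# Constructed sample policies. "ReadOnlyAccessEC2" is the example name from the
# slides; the statements below are assumptions made for this illustration.
READ_ONLY_ACCESS_EC2 = {"Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
FULL_ACCESS_EC2 = {"Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
DENY_TERMINATE = {"Statement": [
    {"Effect": "Deny", "Action": ["ec2:TerminateInstances"], "Resource": "*"}]}

# Constructed sample ARN (placeholder account and instance IDs).
INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _hit(patterns, value, ignore_case=False):
    """True if value matches any pattern; '*' and '?' act as wildcards."""
    for pattern in _as_list(patterns):
        if ignore_case:  # IAM action names are matched case-insensitively
            pattern, candidate = pattern.lower(), value.lower()
        else:
            candidate = value
        if fnmatch.fnmatchcase(candidate, pattern):
            return True
    return False


def evaluate(policies, action, resource):
    """Return 'Allow', 'ImplicitDeny' or 'ExplicitDeny' for one request."""
    decision = "ImplicitDeny"  # default when nothing grants the request
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not (_hit(stmt["Action"], action, ignore_case=True)
                    and _hit(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit Deny overrides any Allow
            decision = "Allow"
    return decision


if __name__ == "__main__":
    print(evaluate([], "ec2:DescribeInstances", INSTANCE))  # new user
    print(evaluate([READ_ONLY_ACCESS_EC2], "ec2:TerminateInstances", INSTANCE))
```

An empty policy list models a newly created user; passing `READ_ONLY_ACCESS_EC2` models a principal that holds only the read-only permissions.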