In this post, we will discuss the AWS IAM feature. We will cover some of the basic features that IAM provides and dene some of the common use cases in which it can be used.
So what is IAM its stands for Identity Access Management. AWS created a very resilient feature for implementing security on the cloud. IAM is the key service and security pillar of aws well-architected framework. It is a service where you can manage access to aws endpoints. The endpoints include object and data store services such as S3 and dynamoDB. In general, IAM is used for assigning permission to users on certain aws endpoints.
Each user has its own permission policies and in terms of permissions, you can set a very nice granular level of permission. Users can also belong to a group so If you have a number of users that are working as system administrators or developers to manage your aws endpoint you can create a group for system administrators or developers in order to assign the same.
Besides IAM users and IAM Groups you also have another type of entity called roles. Now roles are used for application-based access. For example, if you have a custom application and you want to store or retrieve data from S3 bucket you can associate the resources running with your application code with an IAM role and that role will be attached to a permission policy that would allow your application on aws resource (i.e EC2 instance) to access S3.
Remember IAM is a global entity. In AWS creating a user in IAM will apply to all regions within an aws account. You can also manage IAM using AWS CLI
So for accessing AWS entities, you have to have a API access key because every aws resource is running on API based request. Once you have to API access key for your AWS account you can remotely control changes in AWS resources.