Amazon IAM

Project Overview:

Amazon IAM is all about authentication (who you are) and authorization (what you’re allowed to do). It’s the gatekeeper of your AWS account, ensuring that only trusted users and systems can access specific services and actions.

Core Components:

1. Users


- Individual identities with credentials


2. Groups


- Collections of users with shared permissions

3. Roles


- Temporary access profiles for AWS services or external identities (e.g. an EC2 instance role used to access DynamoDB).


4. Policies


- JSON documents that define permissions (e.g. allow s3:ListBucket on a specific bucket).


Key Features

- Granular Access Control: Define exactly which actions are allowed on which resources.
- Least Privilege Principle: Grant only the permissions needed, nothing more.
- Multi-Factor Authentication (MFA): Add an extra layer of security for sensitive operations.
- Federated Access: Integrate with external identity providers like Google Workspace or Active Directory.
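The Policies section above and the Granular Access Control and Least Privilege bullets are easiest to see side by side in code. The following added example (written for this page, not AWS code or anything from the original) places an over-broad s3:* policy next to a least-privilege one scoped to a single bucket and runs both through a deliberately simplified model of IAM's evaluation logic: implicit deny by default, an Allow statement grants, and an explicit Deny always wins. Bucket names and ARNs are constructed; the evaluator ignores Condition blocks, principals, resource policies, SCPs and permission boundaries, so it is an aid for reasoning about policy scope, not a substitute for the IAM policy simulator.

```python
"""Simplified IAM identity-policy evaluator (illustrative model, not AWS's
engine).  Supports Effect, Action and Resource with '*' and '?' wildcards,
deny-by-default and explicit-deny-overrides-allow.  Conditions, principals,
resource policies, SCPs and permission boundaries are not modelled."""
import json
import re

# Constructed example: the convenient but over-broad "just let it work" policy.
OVERLY_BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
    ],
})

# Constructed example: the same need (list and read one bucket), scoped to
# exactly those actions and that bucket, with a guard rail against deletes.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::example-reports-bucket",
        },
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
        },
        {
            "Effect": "Deny",
            "Action": "s3:DeleteObject",
            "Resource": "*",
        },
    ],
})


def _as_list(value):
    """IAM allows a single string or a list for Action, Resource, Statement."""
    return value if isinstance(value, list) else [value]


def _matches(pattern: str, value: str) -> bool:
    """Policy wildcard match: '*' is any run of characters, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def evaluate(policy_json: str, action: str, resource: str) -> str:
    """Return 'Allow' or 'Deny' for one (action, resource) request.

    Action names are compared case-insensitively, as IAM does; resource ARNs
    are compared case-sensitively.  Evaluation order mirrors IAM: start from
    implicit deny, an Allow grants, an explicit Deny short-circuits everything.
    """
    decision = "Deny"  # implicit deny until some Allow statement matches
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        action_hit = any(_matches(a.lower(), action.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(_matches(r, resource)
                           for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny wins regardless of other Allows
        decision = "Allow"
    return decision


def audit(policy_json: str, requests) -> dict:
    """Map each (action, resource) probe to its decision under the policy."""
    return {req: evaluate(policy_json, *req) for req in requests}


if __name__ == "__main__":
    # Probes: the two requests the workload actually needs, plus two it must
    # never be able to make (constructed for this example).
    probes = [
        ("s3:ListBucket", "arn:aws:s3:::example-reports-bucket"),
        ("s3:GetObject", "arn:aws:s3:::example-reports-bucket/2024/q1.csv"),
        ("s3:DeleteObject", "arn:aws:s3:::example-reports-bucket/2024/q1.csv"),
        ("s3:DeleteBucket", "arn:aws:s3:::payroll-bucket"),
    ]
    for name, policy in (("broad", OVERLY_BROAD_POLICY),
                         ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(f"--- {name} ---")
        for (act, res), decision in audit(policy, probes).items():
            print(f"{decision:5}  {act:16}  {res}")
```

Running the script shows the difference the Resource field makes: the broad policy answers Allow to every probe, including deleting an unrelated bucket, while the scoped policy allows only the two listed reads and denies the rest. The same probe-driven audit is a useful habit when reviewing real policies with the IAM policy simulator or Access Analyzer: enumerate what the workload must do and what it must never do, then check both lists rather than only the happy path.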


Use cases

- Secure access to AWS services for developers, admins, and applications.
- Automate infrastructure with roles for EC2, Lambda, and CodePipeline.
- Audit and monitor access using IAM Access Analyzer and CloudTrail.