IAM Introduction
Aug 15, 2024
- IAM Stands for Identity and Access Management.
- IAM is a web service that enables you to manage access to AWS services and resources securely.
- IAM provides the control of who is authenticated (signed in) and authorized (has permissions) to use resources.
- Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
IAM Features
1. Shared access to your AWS account
- The main feature of IAM is that it lets you create separate usernames and passwords for individual users or resources and grant each of them access through policies.
- This lets you manage users without sharing your own password or access key.
2. Granular permissions
- You can grant different permissions to different people for different resources.
- For example, you can allow the user to download information, but deny the same user to update information through the policies.
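The download-allowed, update-denied example above comes down to IAM's evaluation rule: a request is allowed only when some statement explicitly allows it and no statement explicitly denies it, and anything not matched is an implicit deny. The following is an added example, not code from the original post or from AWS: a small policy evaluator written for this article that applies that rule to a constructed policy. It handles `*`/`?` wildcards in `Action` and `Resource` but ignores `Condition`, `NotAction` and `Principal`, so it is a teaching model, not a substitute for the IAM policy simulator.

```python
"""Toy IAM policy evaluator (added example): explicit Deny beats Allow,
and a request nobody allows is implicitly denied."""
import re

# Constructed sample policy: the user may read objects but is denied updates.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
        },
        {
            "Effect": "Deny",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
    ],
}


def _as_list(value):
    """IAM accepts either a string or a list in Action/Resource."""
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value, casefold=False):
    """Match an IAM-style pattern: '*' = any run, '?' = one character.
    Actions are compared case-insensitively, resource ARNs case-sensitively."""
    if casefold:
        pattern, value = pattern.lower(), value.lower()
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value) is not None


def evaluate(policy, action, resource):
    """Return 'Allow' or 'Deny' for one (action, resource) request."""
    decision = "Deny"  # implicit deny until an Allow statement matches
    for stmt in policy["Statement"]:
        action_hit = any(_wildcard_match(a, action, casefold=True)
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(_wildcard_match(r, resource)
                           for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny ends evaluation immediately
        decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    for act in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
        print(f"{act:16} -> {evaluate(SAMPLE_POLICY, act, obj)}")
```

Adding a broad `Allow` for `s3:*` to the sample policy does not change the `PutObject` result, because the explicit `Deny` still wins; that is the property that makes deny statements the right tool for carving exceptions out of otherwise wide grants.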
3. Secure access to AWS resources for applications that run on Amazon EC2
You can use IAM features to securely provide credentials for applications that run on EC2 instances. These credentials provide permissions for your application to access other AWS resources. Examples include S3 buckets and DynamoDB tables.
4. Multi-factor authentication (MFA)
- You can add two-factor authentication to your account and to individual users for extra security.
- With MFA, you or your users must provide not only a password or access key for your account, but also a code from the configured device.
5. Identity Federation
- You can request security credentials with configurable expirations for users whom you manage in your corporate directory, allowing you to give your employees and applications secure access to resources in your AWS account without creating an IAM user account for each of them.
- For example, your organization may need to federate access from other identity providers such as Okta, G Suite, or Active Directory.
6. Identity information for assurance
- AWS CloudTrail helps you identify user activity.
- You receive log records that include information about those who made requests for resources in your account. That information is based on IAM identities.
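Because every CloudTrail record carries the IAM identity that made the request, the log can be reviewed for the questions IAM raises: who used the root account, which requests were denied by policy, and which IAM changes were made from a session without MFA. The block below is an added example written for this article, not code from the post or from AWS. It parses a few constructed records that follow the documented CloudTrail shape (`userIdentity`, `eventSource`, `eventName`, `errorCode`, `sessionContext.attributes.mfaAuthenticated`); the names, ARNs and account id are invented sample values.

```python
"""Review CloudTrail records by IAM identity (added example)."""
import json
from collections import Counter

# Constructed sample records; the account id, ARNs and names are placeholders.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-08-15T10:00:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
    {"eventTime": "2024-08-15T10:02:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::123456789012:user/bob",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}},
    {"eventTime": "2024-08-15T10:05:12Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2024-08-15T10:07:45Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "203.0.113.10",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
]})


def load_records(raw_json: str) -> list:
    """CloudTrail delivers a JSON object with a top-level 'Records' array."""
    return json.loads(raw_json)["Records"]


def identity_of(record: dict) -> str:
    """Short label for the IAM identity behind a record."""
    ui = record["userIdentity"]
    kind = ui.get("type", "Unknown")
    if kind == "Root":
        return "Root"
    if kind == "IAMUser":
        return f"IAMUser:{ui.get('userName', '?')}"
    return f"{kind}:{ui.get('arn', '?')}"   # AssumedRole, FederatedUser, ...


def mfa_authenticated(record: dict):
    """Return True/False from sessionContext, or None when the field is absent."""
    attrs = record["userIdentity"].get("sessionContext", {}).get("attributes", {})
    value = attrs.get("mfaAuthenticated")
    return None if value is None else value == "true"


def activity_by_identity(records: list) -> dict:
    """How many requests each identity made; the starting point for a review."""
    return dict(Counter(identity_of(r) for r in records))


def review(records: list) -> list:
    """Flag root usage, policy denials, and IAM changes made without MFA."""
    findings = []
    for r in records:
        who, what = identity_of(r), r["eventName"]
        if r["userIdentity"].get("type") == "Root":
            findings.append((who, what, "root credentials used"))
        if r.get("errorCode") == "AccessDenied":
            findings.append((who, what, "request denied by policy"))
        if r["eventSource"] == "iam.amazonaws.com" and mfa_authenticated(r) is False:
            findings.append((who, what, "IAM change without MFA"))
    return findings


if __name__ == "__main__":
    recs = load_records(SAMPLE_TRAIL)
    print(activity_by_identity(recs))
    for finding in review(recs):
        print(*finding, sep=" | ")
```

On a real trail the same functions run over each delivered log file; the `AccessDenied` records are often the most useful, because they show where a policy is tighter than someone expected, which is exactly the feedback loop that lets granular permissions be tuned rather than loosened wholesale.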
7. Free to use
- AWS Identity and Access Management (IAM) and AWS Security Token Service (AWS STS) are features of your AWS account offered at no additional charge.
- You are charged only when you access other AWS services using your IAM users or AWS STS temporary security credentials.