Identity and Access Management

  • IAM enables secure access control to AWS services and resources.

  • IAM is global—not tied to a specific AWS Region.

  • IAM users represent individual identities with long-term credentials.

  • IAM groups allow managing permissions for multiple users at once.

  • IAM roles are used for temporary access, commonly assumed by AWS services or users.

  • IAM policies define permissions using JSON documents.

  • Policies can be attached to users, groups, or roles.

  • Supports inline and managed policies (AWS-managed or customer-managed).

  • IAM roles can be assumed across AWS accounts using trust policies.

  • Supports temporary credentials via AWS STS (Security Token Service).

  • Designed to support the principle of least privilege: grant only the permissions an identity actually needs.

  • IAM supports MFA (Multi-Factor Authentication) for enhanced security.

  • Access Analyzer helps detect unintended public or cross-account access.

  • IAM permissions boundaries define the maximum permissions a role or user can have.

  • AWS Organizations can enforce SCPs (Service Control Policies) to restrict IAM entities across accounts.
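To make the last few bullets concrete, the following added example (not AWS code, and not part of the original notes) models how a request is evaluated when identity policies, a permissions boundary and an SCP all apply: an explicit Deny in any layer wins, and otherwise every applicable layer must grant the action. The policy documents are constructed samples; resource-based policies, session policies and Condition blocks are deliberately left out of the model.

```python
"""Simplified model of IAM request evaluation across policy layers.
Added example for illustration; it is not the AWS evaluation engine."""
from fnmatch import fnmatchcase

def _matches(pattern, value):
    # IAM wildcards: "*" matches any run of characters, "?" a single one.
    # Action names are case-insensitive, so compare in lower case.
    return fnmatchcase(value.lower(), pattern.lower())

def _statement_applies(stmt, action, resource):
    actions = stmt.get("Action", [])
    resources = stmt.get("Resource", "*")
    actions = [actions] if isinstance(actions, str) else actions
    resources = [resources] if isinstance(resources, str) else resources
    return (any(_matches(a, action) for a in actions)
            and any(_matches(r, resource) for r in resources))

def evaluate_layer(policy, action, resource):
    """Return 'Deny', 'Allow' or 'Implicit' for a single policy document."""
    verdict = "Implicit"
    for stmt in policy["Statement"]:
        if _statement_applies(stmt, action, resource):
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit deny is final for this layer
            verdict = "Allow"
    return verdict

def is_allowed(action, resource, identity_policies, boundary=None, scp=None):
    """Identity policies (inline + managed) grant; boundary and SCP only cap."""
    identity = [evaluate_layer(p, action, resource) for p in identity_policies]
    gates = [evaluate_layer(p, action, resource) for p in (boundary, scp) if p]
    if "Deny" in identity or "Deny" in gates:
        return False
    return "Allow" in identity and all(g == "Allow" for g in gates)

# Constructed sample documents (hypothetical bucket name, no real account).
IDENTITY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:PutObject", "Resource": "*"}]}

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(is_allowed("s3:GetObject", obj, [IDENTITY], BOUNDARY, SCP))   # True
    print(is_allowed("iam:CreateUser", "*", [IDENTITY], BOUNDARY, SCP))  # False: boundary caps
    print(is_allowed("s3:PutObject", obj, [IDENTITY], BOUNDARY, SCP))   # False: SCP denies
```

Even though the identity policy grants `iam:*`, the boundary never allows it, so the request fails; the SCP's explicit Deny on `s3:PutObject` overrides the Allow in both lower layers.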
