If you’ve so much as dipped your toe into the ocean of AWS you’ve run into the term IAM. That may be as far as your explorations have take you but you’ve at least heard of it. So what is it and why is it so fundamental to Amazon Web Services?
IAM is short for Identity and Access Management. It is the security cornerstone of AWS. Through IAM management you create identities and then grant or restrict their access to various services within the AWS ecosystem.
Identities are equivalent to accounts. They can be associated with actual individuals or serve as system accounts. If used by individuals they can be granted console privileges that allow them to log into the AWS management console and manipulate AWS services.
The services that the identity can manipulate are governed by access roles, the AM in IAM. These roles can either be granted to the identity directly, or preferably, to a group that the identity is a member of. Groups allow identities to be inserted or removed from a role quickly as the need arises.
In addition to user credentials an identity can also be granted access keys. These keys allow programmatic access to AWS via APIs. Most often, the keys are used by third party software to perform actions in AWS like file management, database access, or even resource allocation. All of these access roles are controlled via IAM and can be as granular or broad as your situation calls for.
We’ve only begun to scratch the surface of IAM and AWS. If you would like to learn more, I recommend signing up for my free AWS Essentials email course. IAM is covered in one of nine lessons that will get you proficient with AWS and ready to start building your own systems.
What questions do you have about IAM? Leave a comment below or contact me and I will respond as quickly as I am able to.