Manages access for AWS users and resources.
It is a universal system, applied to all regions at the same time. IAM is a free service.
Consists of four different components, with three of them being identities:
Users: End users who log into the console or interact with AWS resources programmatically.
Groups: Group your Users so they all share the permission levels of the group.
e.g. Admin, Dev, Auditors, …
Roles: Associate permissions with a Role and then assign it to a User, Service or Group.
Holds Policies
Can be applied to various AWS resources

Policies: JSON documents which grant permissions for a specific IAM Identity to access services.