Notes – AWS IAM
What is AWS IAM?
AWS IAM is a security service that lets you control who can access your AWS resources and what they can do.
With IAM, you can:
- Create users and groups
- Assign permissions to them
- Safely manage access to AWS services
Why IAM is Important
Imagine giving limited keys to your house:
- One key lets your friend enter the living room
- Another lets the plumber into the kitchen only
Thatโs what IAM does for your AWS account.
Key Components of IAM
| Component | Description |
|---|---|
| Users | Individual identities (people or apps) |
| Groups | Collection of users with common permissions |
| Roles | Temporary access for trusted users or services |
| Policies | Rules that define who can do what (written in JSON) |
What You Can Do with IAM
- Create users for team members
- Set fine-grained permissions (e.g., read-only access to S3)
- Create roles for services like EC2 or Lambda
- Use MFA (Multi-Factor Authentication) for extra security
IAM Policy Example (Plain English)
Allow user to read objects from S3
Deny user from deleting EC2 instances
IAM policies can be customized for tight security control.
Best Practices for IAM
- Never use the root account for daily tasks
- Assign least privilege (give only whatโs needed)
- Use IAM roles for apps and services
- Enable MFA for all users
- Rotate access keys regularly
