• IAM expands to Identity and Access Management
  • IAM provides a one-stop platform for controlling access to an AWS account
  • IAM is a global service, not a regional one: users, groups and policies defined under IAM are accessible across all regions
  • SSO can be implemented through identity federation using SAML
  • Has provision for temporary access
  • IAM important terms
• Resources – Objects stored in IAM are resources. They can be added, edited or removed as needed. Resources include
      • User
      • Group
      • Role
      • Policy
• Identity provider
    • Identities – IAM resources that are used to identify or group other IAM resources. An IAM identity must have a policy associated with it. Identities include
      • Users
      • Groups
• Roles
    • Entities – IAM resources used for authentication. They include
      • Users
      • Roles – can be assumed by IAM users in the same or another account, or by identities federated through a web identity provider or SAML.
• Principals – refer to
      • A person or application using the AWS account as the root user
      • An IAM user
      • An IAM role that can sign in or make requests to AWS.
  • Terms used
• User — an end user (like… a person)
    • Groups — a set of users linked to a specific set of permissions
    • Policies — a document that defines permissions (which you assign to users, groups and roles)
    • Roles — these have nothing to do with the users in the account. Roles are for granting permissions to resources, like an EC2 instance (they can do other cool stuff too)
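As an added example (not part of the original notes), the following Python shows how a policy document of the kind described above is evaluated against a request: an explicit Deny wins, otherwise an explicit Allow is required, and anything not covered is implicitly denied. The policy, the bucket name "example-bucket" and the requests are constructed for illustration; Condition elements and resource-based policies are not modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample identity-based policy (not from the original notes);
# "example-bucket" is a placeholder bucket name.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
        },
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-bucket/secret/*",
        },
    ],
}

def _as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return [value] if isinstance(value, str) else list(value)

def _matches(patterns, value, case_insensitive):
    # IAM wildcards: '*' matches any sequence, '?' a single character.
    # Action names compare case-insensitively, resource ARNs do not.
    if case_insensitive:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatchcase(value, p) for p in patterns)

def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request.

    Core IAM rule: an explicit Deny always wins, otherwise an explicit Allow
    is required, and anything not covered is implicitly denied.
    """
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(_as_list(stmt["Action"]), action, True):
            continue
        if not _matches(_as_list(stmt["Resource"]), resource, False):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny overrides any Allow
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"
```

Calling evaluate(POLICY, "s3:GetObject", "arn:aws:s3:::example-bucket/secret/key") returns "Deny" even though the first statement allows GetObject on the whole bucket, while an action the policy never mentions, such as s3:PutObject, falls through to "ImplicitDeny".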