- Expands to Identity and Access Management
- IAM provides a one-stop platform for control of AWS account
- It has a global perspective and implementation as users, groups, policies under IAM are accessible across regions and not regional IAM
- SSO can be implemented under Identity Federation by SAML
- Has provision for temporary access
- IAM important terms
- Resources – Objects stored in IAM are resources. They can be added, edited or removed as per need. Resources includes
- User
- Group
- Role
- Policy
- identity provider
- Identities – It is a reference for IAM resources and, applied for identification or grouping of IAM resources. Policy association is needed for IAM identity. Identity includes
- Users
- Groups
- roles
- Entities – IAM resources used for authentication. It includes
- users
- roles – can be assumed by IAM users, in another account or federated by web identity or SAML.
- Principals – Refer to
- Person/application using AWS account as root user
- an IAM user
- IAM role which can sign in or make requests to AWS.
- Resources – Objects stored in IAM are resources. They can be added, edited or removed as per need. Resources includes
- Terms used
- User — an end user (like…a person)
- Groups — refers to set of users linked to a specific permissions
- Policies — a document that defines permissions (which you assign to users, groups, and roles)
- Roles — this has nothing to do with the users in account. Roles are for granting permissions to resources, like an EC2 instance (it can do other cool stuff too)
Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount