AWS IAM Account and Policy


IAM (Identity and Access Management) in AWS is a service that controls access to AWS resources and services. Access is always user based.
  • AWS IAM provides user management, access control for AWS resources and services, and security management of AWS resources. It defines each user's access permissions to AWS services.
  • Every AWS account is assigned a root account, which controls everything, including resource access, users and security. The root account is the head of your account and has full power over AWS IAM resources. Never share the root account credentials with anyone. Don't use the root account for daily tasks or for administrative purposes.
  • The root user is the creator of the account and has full permission and access to the AWS resources.
  • By default, 5000 users can be created per AWS account using IAM. You can add 10 users at a time.
  • By default, you can create a maximum of 300 groups per AWS account using IAM.
  • You can create 1000 roles per AWS account using IAM.
  • An IAM user can be a member of 10 groups.
  • The IAM service is available free of cost. It is not region specific; IAM is a global service.
  • When creating a group in IAM, you can't create a group inside a group. Nested groups are not possible in AWS IAM.
  • Using IAM in AWS, you can control resource access and actions by applying the various default policies and IAM inline policies.
AWS IAM Policy


Features of IAM in AWS

  • Shared access to your AWS account without giving others the root credentials.
  • Granular permissions, meaning different levels of access to an AWS resource. For example, sometimes you want to give a user only read permission.
  • Secure access for applications that run on EC2 instances.
  • Multi-factor authentication
  • Identity federation
  • Identity information for assurance (you can check which user accessed which resource using log records).
  • PCI DSS compliance (PCI: Payment Card Industry, DSS: Data Security Standard).
  • Eventually Consistent and highly Available.

AWS IAM Terms

  • Principal: a principal can be a user who performs actions and uses resources, or it can be an application, a role, etc., because requests sometimes come through an application.
  • Request: what the principal sends.
  • Authentication: checks and verifies the principal. Only authenticated users can access AWS resources.
  • Authorization: checks the level of permission for a task and blocks a task requested by an authenticated user if it is not permitted and assigned to them.
  • Action / Operation: any task you perform that the root user has authorized you to do.
  • Resources: basically the AWS resources.

IAM Default Policy and Inline Policy

