Iam Introduction

May 27, 2024 · 2 min read · aws iam ·

(this post if part of the material I cover in my devops course)

AWS IAM is a corenerstone in aws security model.
In this post we'll discuss the generic role of IAM and its relationship to some other aws services.

basics of IAM

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources.
With IAM, you can centrally manage permissions that control which AWS resources users can access.
You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
The IAM user guide is the major source of information about IAM

....wait, wait...I got confused..
What is IAM identity center?
Isn't that part of IAM?
No, the IAM Identity Center is a different AWS service!!!
It is used to manage users at another level, of multiple aws accounts and services.
- It can be used to create SSO (single sign on), so a user can login to multiple account and applications once.
- It can define users and groups, get users from external providers.
- It can allow/restrict access to specific aws accounts
..still confused...Isn't that what AWS Organizations is all about?
- well, Organizations and Identity Center integrate well
- Organizations takes care of much more then user authentication, its also about automatic creation of accounts, modeling the relationships among them, provide central billing, sharing resources etc.

IAM authorization is all about policies
A policy is an object in AWS that, when associated with an identity (like a user) or resource, defines their permissions.
AWS evaluates these policies when an IAM principal (user or role) makes a request to aws.
Permissions in the policies determine whether the request is allowed or denied.
Most policies are stored in AWS as JSON documents.

we'll deal with details of IAM in multiple posts.