IAM stands for Identity and Access Management. It is used to control access to AWS resources.
- IAM is global: it is not region-specific, unlike most AWS resources.
- Users are people who will access your AWS resources.
- The root account is the email ID with which your account was created.
- It is advisable not to use the root account.
- It is recommended to enable MFA for the root account.
- A group is a way to combine users so that a policy can be applied to all of them at once.
- A role is a way for one resource to access another resource, for example giving EC2 permission to access S3.
- Policy documents are written in JSON as key-value pairs.
- Policies can be attached to users, groups and resources.
- Users have no permissions by default. They will be able to log in but will not be able to do anything.
- Users are assigned a Secret Key ID and a Secret Access Key. These are for communicating with AWS via the API, CLI and SDK.
- Users cannot log in to the console using the Secret Key ID and Secret Access Key.
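The sketch below is an added example, not AWS's own code. It shows how JSON policy documents attached to a user and to the user's groups combine, and why a user with no policy can do nothing. It goes slightly beyond the notes by also modelling that an explicit `Deny` overrides any `Allow`. Assumptions: only identity policies with `Effect`, `Action` and `Resource` are evaluated (no `Condition`, `NotAction`, resource policies or permission boundaries), and the bucket, group and user names are hypothetical.

```python
import json
import re

def _match(pattern, value, ignore_case=False):
    # IAM-style wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy_docs, action, resource):
    """Explicit Deny wins, then explicit Allow; no matching statement means deny."""
    allowed = False
    for doc in policy_docs:
        for stmt in _as_list(json.loads(doc)["Statement"]):
            # Action names are matched case-insensitively, resource ARNs exactly.
            if not any(_match(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_match(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False
            if stmt["Effect"] == "Allow":
                allowed = True
    return allowed

# Constructed sample data: bucket, group and user names are hypothetical.
READ_BUCKET = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": ["arn:aws:s3:::example-bucket",
                                "arn:aws:s3:::example-bucket/*"]}]})
DENY_SECRETS = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Deny", "Action": "s3:*",
                  "Resource": "arn:aws:s3:::example-bucket/secret/*"}})

GROUP_POLICIES = {"developers": [READ_BUCKET]}
USER_GROUPS = {"alice": ["developers"], "bob": []}
USER_POLICIES = {"alice": [DENY_SECRETS], "bob": []}

def policies_for(user):
    # Effective policies: those attached directly plus those of each group.
    docs = list(USER_POLICIES[user])
    for group in USER_GROUPS[user]:
        docs += GROUP_POLICIES[group]
    return docs

def can(user, action, resource):
    return is_allowed(policies_for(user), action, resource)
```

Here `bob` has no policy and is denied everything, while `alice` inherits read access from the `developers` group but is still blocked under `secret/` by her own deny statement.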