IAM
IAM (Identity and Access Management)
- Centralized control of your AWS account
- Shared Access to your AWS account
- Granular Permissions
- Identity Federation (including Active Directory, Facebook, etc.)
- Multifactor Authentication
- Temporary access for users, devices and services
- Password rotation policy
- PCI DSS Compliance
Models:
- Users
- Groups
- Policies
- Roles
AWS provides predefined IAM roles per job function; otherwise custom roles and policies can be defined.
- IAM is universal: it is global and is not scoped per region.
- The root account is the identity created when the AWS account is first set up; it has complete admin access.
- Users have no permissions by default.
- New users are assigned an Access Key ID and Secret Access Key when programmatic access is enabled.
- The Access Key ID and Secret Access Key are displayed only once; if lost, they have to be regenerated.
- MFA should be set up on the root account.
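The notes above state that users have no permissions by default, that permissions are granular, and that MFA matters. The following is an added example, not code from the notes or from AWS: a deliberately simplified model of how IAM evaluates identity policies (implicit deny by default, explicit deny overriding allow, wildcard matching on actions and resources, and `Bool`/`BoolIfExists` conditions such as `aws:MultiFactorAuthPresent`). The two policy documents are constructed samples; the bucket name and the evaluator itself are assumptions for illustration, and `NotAction`, `NotResource`, principals, resource policies and most condition operators are not modelled.

```python
"""Simplified model of IAM identity-policy evaluation (added example, not AWS's engine)."""
from fnmatch import fnmatchcase

# Constructed sample: least-privilege read-only access to one bucket (bucket name is made up).
READ_ONLY_BUCKET = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        }
    ],
}

# Constructed sample: deny everything when the request was not made with MFA.
# BoolIfExists also matches when the context key is absent, so an unauthenticated-MFA
# request is denied rather than silently allowed.
DENY_WITHOUT_MFA = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        }
    ],
}


def _as_list(value):
    """IAM lets Action/Resource be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_insensitive=False):
    """Match IAM-style wildcards (* and ?). Action names are case-insensitive in IAM."""
    if case_insensitive:
        return any(fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatchcase(value, p) for p in patterns)


def _condition_ok(condition, context):
    """Evaluate the Bool and BoolIfExists operators only (assumption: others unsupported)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            present = key in context
            if operator == "Bool":
                if not present or str(context[key]).lower() != str(expected).lower():
                    return False
            elif operator == "BoolIfExists":
                if present and str(context[key]).lower() != str(expected).lower():
                    return False
            else:
                raise NotImplementedError(f"condition operator {operator} not modelled")
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request.

    Mirrors the core IAM rule: start from implicit deny, any matching Deny wins,
    otherwise a matching Allow is needed.
    """
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(_as_list(stmt.get("Action")), action, case_insensitive=True):
                continue
            if not _matches(_as_list(stmt.get("Resource")), resource):
                continue
            if not _condition_ok(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny always overrides any allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate([], "s3:GetObject", obj))  # a new user with no policies
    print(evaluate([READ_ONLY_BUCKET], "s3:GetObject", obj))
    print(evaluate([READ_ONLY_BUCKET], "s3:PutObject", obj))
    print(evaluate([READ_ONLY_BUCKET, DENY_WITHOUT_MFA], "s3:GetObject", obj,
                   {"aws:MultiFactorAuthPresent": "true"}))
    print(evaluate([READ_ONLY_BUCKET, DENY_WITHOUT_MFA], "s3:GetObject", obj))
```

Running the block shows the four cases the notes describe: a user with no policies gets an implicit deny, the granular allow only covers the listed actions and bucket, and attaching the MFA deny policy blocks the same request unless the MFA context key is present and true.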