IAM (Identity Access Management)

  • Centralized control of your AWS account
  • Shared Access to your AWS account
  • Granular Permissions
  • Identity Federation (including Active Directory, Facebook, etc...)
  • Multifactor Authentication
  • Temporary access to users/devices and services
  • Password rotation policy
  • PCI DSS Compliance


  • Users
  • Groups
  • Policies
  • Roles

AWS provides IAM Pre-defined Roles per Job Function, otherwise custom roles and policies can be defined.

  • IAM is universal. It does not apply to regions.
  • The root account is the account created when first setting up AWS account - It has complete Admin access.
  • Users have no permissions by default.
  • New Users are assigned Access Key ID & Secret Access Keys when programmatic access is enabled.
  • Access Key Id and Secret Access Key will be displayed once. If lost, they will have to be regenerated.
  • MFA should be set up on the root account.