IAM allows to manage users and there level of access to the AWS console.
IAM Features:
- Centralised control of your AWS account.
- Shared Access to your AWS account.
- Granular Permissions.
- Identify Fediration (including active Directory, Facebook, Linkedin, etc).
- Multifactor Authenticator.
- Provide temporary access for users/devices and services where necessary.
- Allows a user to set up his own rotation password.
- Integrates with many different AWS services.
- Supports PCI DSS compliance.
Key Terminology For IAM:
- Users: End users such as Peoples, Employees of an organization etc.
- Groups: A group is a colllection of users, each user in the group will inherit the permission of the group.
- Policies: Policies are made up of documents called policy documents. These documents are in a format called JSON and they give permissions as to waht a USER/GROUP/ROLE is able to do.
- Roles: We and create roles and them assign them to AWS resources.