When I started working with AWS early in my career, it was somewhat hard for me to understand what a User and a Role are in AWS, how a Role is assigned to a user (in my case, to reach an S3 bucket), and how I could access anything on AWS at all.
In this article, I will briefly explain IAM in AWS in simple words. It is very basic and intended for readers who are new to AWS. Let's start with a basic question.
What is IAM?
IAM stands for Identity and Access Management. Simply put, it is a framework that provides the right access to the right user.
AWS Users are generally the people working in your organization; users can be grouped.
AWS Groups are collections of users that need similar kinds of permissions on AWS accounts. It's always a better idea to create groups first and then assign permissions to the groups rather than to individual users. In AWS you can't create a group of groups.
AWS Policies are the permissions that are assigned to a user, group or role. In AWS you apply the least privilege principle: don't give more permission than a user needs. Below is an example of a policy that allows listing all S3 buckets and getting the location of each bucket.
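The following is an added example, not code from the article, to show what "least privilege" means when a policy is evaluated. It constructs a policy matching the description above (the two S3 actions are an assumption based on that description) and applies a simplified version of IAM's evaluation logic: a request is denied by default, an explicit Deny always wins, and only a matching Allow grants access. Conditions, NotAction and resource-level case rules are left out.

```python
import fnmatch

# Constructed policy matching the one the article describes: list all S3
# buckets and get each bucket's location, and nothing else.
S3_LIST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AccessS3",
            "Effect": "Allow",
            "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
            "Resource": "*",
        }
    ],
}


def _matches(pattern, value):
    """IAM-style match: case-insensitive with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: default deny, explicit Deny overrides Allow."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_matches(a, action) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny ends the evaluation
        allowed = True
    return allowed


if __name__ == "__main__":
    # Exactly the two listed actions are allowed; anything else, such as
    # reading an object, falls through to the implicit deny.
    print(is_allowed(S3_LIST_POLICY, "s3:ListAllMyBuckets", "*"))
    print(is_allowed(S3_LIST_POLICY, "s3:GetObject", "arn:aws:s3:::example-bucket/file.txt"))
```

Running it prints True for listing buckets and False for reading an object, which is the difference between "what this user needs" and "everything in S3".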
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AccessS3",
      "Effect": "Allow"…