IAM (Identity and Access Management) is an AWS service used to securely control access to AWS resources.
It helps you define who can access what, ensuring only authorized users or services perform allowed actions.
| Term | Description |
|---|---|
| User | Represents an individual person or application who interacts with AWS. |
| Group | A collection of IAM users that share the same permissions. |
| Role | Used to grant temporary permissions to AWS resources or services (no username/password). |
| Policy | A JSON document that defines permissions (Allow/Deny) for users, groups, or roles. |
An IAM user is created for an individual person or an application that needs access to AWS.
Each user has:
Example:
A developer in your team can have a user account named developer1.
```bash
# Example of creating a user using the AWS CLI
aws iam create-user --user-name developer1
```
An IAM group is used to manage multiple users together.
Instead of assigning permissions to each user individually, attach policies to the group; every member inherits them.
Example:
Groups such as Developers, Admins, and Auditors.
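Added example (not part of the original notes): a small Python model of how a user inherits a group's policy and how Allow/Deny statements in a policy document are evaluated. The Developers policy, bucket ARN and user names are constructed for illustration; the evaluation rule (explicit Deny wins, then any Allow, otherwise implicit deny) is the core of how IAM decides a request, simplified here to actions and resources only.

```python
"""Minimal model of IAM policy evaluation for a user who inherits a
group's permissions. Constructed example; the policy below is
illustrative, not an AWS-managed policy."""
import fnmatch
import json

# Constructed policy attached to the Developers group: read-only access to
# one bucket, with an explicit Deny on its secrets/ prefix.
DEVELOPERS_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secrets/*"}
  ]
}""")

GROUP_MEMBERS = {"Developers": {"developer1"}}      # constructed membership
GROUP_POLICIES = {"Developers": [DEVELOPERS_POLICY]}


def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def policies_for_user(user):
    """A user inherits every policy attached to the groups they belong to."""
    return [p for group, members in GROUP_MEMBERS.items()
            if user in members for p in GROUP_POLICIES.get(group, [])]


def is_allowed(user, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins over any Allow,
    and a request matched by no statement is implicitly denied."""
    decision = "implicit-deny"
    for policy in policies_for_user(user):
        for stmt in policy["Statement"]:
            if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
                continue
            if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False          # explicit deny: stop immediately
            decision = "allow"
    return decision == "allow"
```

A user outside every group gets no policies and therefore an implicit deny for every request, which is the default posture the notes describe.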