IAM Users

An IAM user is similar to a user in systems like LDAP or Active Directory: it represents a principal identity. Examples of identities include developers, operations professionals, non-technical project managers, and applications.

  • IAM users can also have a permission boundary policy, which is crucial for enforcing least privilege.
  • IAM users can be associated with different types of permissions:
    • Group permissions
    • Inline permissions
    • Managed permissions

Credentials for IAM Users

  • IAM users serve as containers for credentials, which include:

    • Sign-in credentials: Username and password for AWS console access.
    • Access keys: A pair of keys (access key ID and secret access key) for programmatic access to AWS services.
  • Lesser-used credentials include:

    • CodeCommit credentials for AWS CodeCommit service.
    • Keyspaces credentials for the Amazon Keyspaces (for Apache Cassandra) service.

Examples of IAM Users

Csmith

  • Logs in to the AWS console using sign-in credentials and uses Multi-Factor Authentication (MFA).
  • Role: Billing Administrator.

Hsimpson

  • Has sign-in credentials, MFA, and the ability to programmatically invoke AWS from the command line or an SDK with API keys.
  • Role: DevOps Administrator.

Myapp1

  • An application without sign-in credentials or MFA, accessing AWS solely through access keys.
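
The three users above can be told apart from the IAM credential report, which lists each user's password, MFA and access key status. The following is an added example, not part of the original page: it classifies users by credential type and flags a console password without MFA. The report content is constructed (a subset of the report's columns), and `tempuser` is a hypothetical fourth user added to show a failing case.

```python
import csv
import io

# Constructed sample using a subset of the IAM credential report columns.
# Csmith, Hsimpson and Myapp1 mirror the examples above; "tempuser" is a
# hypothetical user added to show what the audit should catch.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
Csmith,arn:aws:iam::111122223333:user/Csmith,true,true,false,false
Hsimpson,arn:aws:iam::111122223333:user/Hsimpson,true,true,true,false
Myapp1,arn:aws:iam::111122223333:user/Myapp1,false,false,true,false
tempuser,arn:aws:iam::111122223333:user/tempuser,true,false,true,true
"""


def classify(row):
    """Return (access_type, findings) for one credential-report row."""
    console = row["password_enabled"] == "true"   # sign-in credentials present
    mfa = row["mfa_active"] == "true"
    keys = sum(row[f"access_key_{n}_active"] == "true" for n in (1, 2))

    if console and keys:
        access = "console+programmatic"
    elif console:
        access = "console-only"
    elif keys:
        access = "programmatic-only"
    else:
        access = "no-active-credentials"

    findings = []
    if console and not mfa:
        findings.append("console password without MFA")
    if keys == 2:
        # Two active keys often means a key rotation was never finished.
        findings.append("two active access keys")
    return access, findings


def audit(report_csv):
    """Map each user name in the report to its classification."""
    reader = csv.DictReader(io.StringIO(report_csv))
    return {row["user"]: classify(row) for row in reader}


if __name__ == "__main__":
    for user, (access, findings) in audit(SAMPLE_REPORT).items():
        print(f"{user:10} {access:22} {'; '.join(findings) or 'ok'}")
```

A real report can be fetched with `aws iam generate-credential-report` followed by `aws iam get-credential-report`; the returned content is base64-encoded CSV.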