AWS Identity and Access Management (IAM) | General Flashcards

1
Q

What is AWS Identity and Access Management (IAM)?

General

AWS Identity and Access Management (IAM) | Security, Identity & Compliance

A

You can use AWS IAM to securely control individual and group access to your AWS resources. You can create and manage user identities (“IAM users”) and grant permissions for those IAM users to access your resources. You can also grant permissions for users outside of AWS (federated users).

2
Q

How do I get started with IAM?

A

To start using IAM, you must subscribe to at least one of the AWS services that is integrated with IAM. You then can create and manage users, groups, and permissions via IAM APIs, the AWS CLI, or the IAM console, which gives you a point-and-click, web-based interface. You can also use the visual editor to create policies.

3
Q

What problems does IAM solve?

A

IAM makes it easy to provide multiple users secure access to your AWS resources. IAM enables you to:

Manage IAM users and their access: You can create users in AWS’s identity management system, assign users individual security credentials (such as access keys, passwords, multi-factor authentication devices), or request temporary security credentials to provide users access to AWS services and resources. You can specify permissions to control which operations a user can perform.

Manage access for federated users: You can request security credentials with configurable expirations for users who you manage in your corporate directory, allowing you to provide your employees and applications secure access to resources in your AWS account without creating an IAM user account for them. You specify the permissions for these security credentials to control which operations a user can perform.

4
Q

Who can use IAM?

A

Any AWS customer can use IAM. The service is offered at no additional charge. You will be charged only for the use of other AWS services by your users.

5
Q

What is a user?

A

A user is a unique identity recognized by AWS services and applications. Similar to a login user in an operating system like Windows or UNIX, a user has a unique name and can identify itself using familiar security credentials such as a password or access key. A user can be an individual, system, or application requiring access to AWS services. IAM supports users (referred to as “IAM users”) managed in AWS’s identity management system, and it also enables you to grant access to AWS resources for users managed outside of AWS in your corporate directory (referred to as “federated users”).

6
Q

What can a user do?

A

A user can place requests to web services such as Amazon S3 and Amazon EC2. A user’s ability to access web service APIs is under the control and responsibility of the AWS account under which it is defined. You can permit a user to access any or all of the AWS services that have been integrated with IAM and to which the AWS account has subscribed. If permitted, a user has access to all of the resources under the AWS account. In addition, if the AWS account has access to resources from a different AWS account, its users may be able to access data under those AWS accounts. Any AWS resources created by a user are under control of and paid for by its AWS account. A user cannot independently subscribe to AWS services or control resources.

7
Q

How do users call AWS services?

A

Users can make requests to AWS services using security credentials. Explicit permissions govern a user’s ability to call AWS services. By default, users have no ability to call service APIs on behalf of the account.
