Identity and Access Management (IAM) in AWS allows us to create:
1. users
2. groups and
3. roles
Users are physical users who log in to the AWS console and manage or work with different AWS services.
Groups are collections of users. Access for all the users in a group can be controlled through the group's policy.
Roles are assigned to AWS resources or services to give them permissions to interact with other AWS services.
IAM is global rather than regional. In other words, all changes made within IAM are reflected in all available regions. So whenever a user is created, it is created globally and is available in all regions.
The "root account" has admin rights.
Groups can only have users, not other groups.
Users don't have to belong to a group. A user can belong to multiple groups.
Access: AWS can be accessed in the following ways:
Console: using password + MFA
CLI: using access key
SDK: from the code, using access key