You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
IAM users and groups are the primary way you grant people and applications access to your AWS account. Understanding how to create, organise, and manage them is fundamental to maintaining a secure environment.
An IAM user is an entity that represents a person or workload. When you create a user, you give it a unique name and assign it credentials so it can authenticate.
Each IAM user can have one or both types of access:
| Access Type | Used For | Credential |
|---|---|---|
| Console access | Signing in to the AWS Management Console via a web browser | Password |
| Programmatic access | Making API calls via the CLI, SDKs, or direct HTTP requests | Access key ID + Secret access key |
A user with console access can click through the AWS web interface. A user with programmatic access can run commands like aws s3 ls from a terminal. Many users — especially administrators — have both.
When creating a user, you should:
jsmith, maria.garcia).Access keys consist of two parts:
AKIAIOSFODNN7EXAMPLE)Important: The secret access key is shown exactly once. If you lose it, you must create a new access key pair. Never share access keys. Never embed them in source code. Never commit them to version control.
Each user can have a maximum of two active access keys. This allows you to rotate keys without downtime — create a new key, update your applications, then deactivate the old key.
An IAM group is simply a collection of IAM users. Groups let you manage permissions collectively rather than individually.
Imagine you have 20 developers who all need the same permissions. Without groups, you would:
With groups, you:
Developers group and attach policies to it onceSubscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.