Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS resources. IAM is global — it is not tied to a specific region — and it is available at no additional charge.

Why IAM Matters

By default, when you create an AWS account, you have a single root user with unlimited access. This is dangerous for day-to-day operations. IAM lets you:

Create individual users with specific permissions
Organise users into groups
Define policies that specify what actions are allowed or denied
Use roles to grant temporary permissions to services or users

Core IAM Components

Users

An IAM user represents a person or application that interacts with AWS. Each user has:

A unique name within the account
Credentials (password for console access, access keys for programmatic access)
Permissions defined by attached policies

Best practice: Create individual IAM users instead of sharing credentials.

Groups

A group is a collection of IAM users. You attach policies to groups, and all users in the group inherit those permissions.

Example:

Identity and Access Management (IAM)

Identity and Access Management (IAM)

Why IAM Matters

Core IAM Components

Users

Groups

More in Cloud