AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS resources. IAM is global — it is not tied to a specific region — and it is available at no additional charge.
By default, when you create an AWS account, you have a single root user with unlimited access. The root user cannot be restricted by IAM policies, so it is dangerous for day-to-day operations: protect it with MFA, do not create access keys for it, and use it only for the few account-level tasks that require it. IAM lets you:
An IAM user represents a person or application that interacts with AWS. Each user has:
Best practice: Create individual IAM users instead of sharing credentials, so that every API call logged in CloudTrail is attributable to one person. For human users, AWS now recommends federated access through IAM Identity Center rather than long-lived IAM user access keys.
A group is a collection of IAM users. You attach policies to groups, and all users in the group inherit those permissions.
Example:
| Group | Policy | Users |
|---|---|---|
| Developers | Full EC2 + S3 access | Alice, Bob |
| ReadOnly | Read-only access to all services | Charlie |
| Admins | Full access | David |
Policies are JSON documents that define permissions. Each statement specifies:

- Effect: Allow or Deny
- Action: the API operations the statement covers (e.g. s3:GetObject)
- Resource: the ARNs the statement applies to

Example policy (read-only access to one S3 bucket):
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ]
    }
  ]
}
```
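To see how IAM combines statements, here is a small policy evaluator. It is an added example written for this lesson, not AWS's own code or a complete implementation: it models the core precedence rule (an explicit Deny anywhere wins, otherwise an Allow is required, otherwise implicit deny) and the `*`/`?` wildcards in Action and Resource, but it does not evaluate Condition blocks, resource-based policies, or permissions boundaries. The `DENY_SECRET_PREFIX` policy is constructed for the example to show an explicit Deny layered over the lesson's read-only policy.

```python
import fnmatch


# Constructed sample policies. READ_ONLY_S3 is the lesson's read-only policy;
# DENY_SECRET_PREFIX is an extra policy made up for this example to show an
# explicit Deny overriding an Allow on part of the same bucket.
READ_ONLY_S3 = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"],
        }
    ],
}

DENY_SECRET_PREFIX = {
    "Version": "2012-10-17",
    "Statement": {  # a single statement object is also valid policy syntax
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::my-bucket/secret/*",
    },
}


def _as_list(value):
    """Statement, Action and Resource may each be a single item or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _glob_any(patterns, candidate, fold_case):
    """Match candidate against IAM-style patterns (* and ? wildcards).

    Action names are matched case-insensitively, as IAM does; ARNs are
    compared case-sensitively.
    """
    if fold_case:
        candidate = candidate.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def _statement_applies(stmt, action, resource):
    """True when the statement's action and resource elements cover the request."""
    if "NotAction" in stmt:
        action_ok = not _glob_any(_as_list(stmt["NotAction"]), action, True)
    else:
        action_ok = _glob_any(_as_list(stmt.get("Action")), action, True)
    if "NotResource" in stmt:
        resource_ok = not _glob_any(_as_list(stmt["NotResource"]), resource, False)
    else:
        resource_ok = _glob_any(_as_list(stmt.get("Resource")), resource, False)
    return action_ok and resource_ok


def is_allowed(policies, action, resource):
    """Decide one request against every identity-based policy attached to a principal.

    Precedence, as in IAM: an explicit Deny in any matching statement wins;
    otherwise at least one matching Allow is required; otherwise the request
    is implicitly denied. Condition elements are not modelled here.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt.get("Effect") == "Deny":
                return False  # explicit Deny always wins, whatever else matched
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed  # no matching Allow => implicit deny


if __name__ == "__main__":
    requests = [
        ("s3:GetObject", "arn:aws:s3:::my-bucket/report.csv"),
        ("s3:PutObject", "arn:aws:s3:::my-bucket/report.csv"),
        ("s3:ListBucket", "arn:aws:s3:::other-bucket"),
        ("s3:GetObject", "arn:aws:s3:::my-bucket/secret/key.pem"),
    ]
    for action, resource in requests:
        verdict = is_allowed([READ_ONLY_S3, DENY_SECRET_PREFIX], action, resource)
        print(f"{action:14} {resource:45} -> {'ALLOW' if verdict else 'DENY'}")
```

Note that `s3:ListBucket` is matched against the bucket ARN while `s3:GetObject` needs the object ARN (`my-bucket/*`); forgetting the second entry is the most common reason a "read-only" policy silently fails, and the evaluator shows that as an implicit deny rather than an error.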
An IAM role is an identity with permissions that can be assumed by users, applications, or AWS services. A role carries two kinds of policy: a trust policy that says which principals may assume it, and permissions policies that say what it may do. Roles do not have permanent credentials; assuming one returns temporary security credentials from AWS STS that expire (one hour by default), so a leaked role credential has a bounded lifetime, unlike an IAM user's access key.
Common use cases:
The most important IAM best practice: grant only the permissions required to perform a task — nothing more.
This means:
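The following linter makes least privilege concrete. It is an added example, not part of the lesson or an AWS tool: it flags Allow statements that grant a whole service (`ec2:*`), every action (`*`), write-capable actions on every resource, `iam:PassRole` on `*`, or a NotAction/NotResource inversion. The sample policies are constructed here: `BROAD_DEVELOPERS` spells out the table's "Full EC2 + S3 access" literally, and `SCOPED_DEVELOPERS` is the least-privilege rewrite for a team that only needs to list instances and use one bucket. The read-only heuristic (Describe/List/Get actions may legitimately use Resource `*`) is an assumption of this example, not an AWS rule.

```python
# Constructed sample policies (not from the lesson). BROAD_DEVELOPERS is what
# "Full EC2 + S3 access" looks like as JSON; SCOPED_DEVELOPERS is the
# least-privilege version for a team that lists instances and uses one bucket.
BROAD_DEVELOPERS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}
    ],
}

SCOPED_DEVELOPERS = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DescribeInstancesOnly",
            "Effect": "Allow",
            "Action": ["ec2:DescribeInstances"],
            "Resource": "*",  # Describe* calls do not support resource-level permissions
        },
        {
            "Sid": "DevArtifactsBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::dev-artifacts/*",
        },
    ],
}

FULL_ADMIN = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    """Statement, Action and Resource may each be a single item or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _is_read_only(action):
    """Heuristic used by this example (an assumption, not an AWS rule):
    Describe/List/Get actions are treated as read-only, and many of them
    have to use Resource "*" because the service offers no resource-level
    permissions for them."""
    operation = action.split(":", 1)[-1]
    return operation.startswith(("Describe", "List", "Get"))


def find_overbroad(policy):
    """Return human-readable findings for Allow statements that grant more than a task needs."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{index}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        if "*" in actions:
            findings.append(f"{sid}: Action '*' grants every API operation in every service")
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append(f"{sid}: Action '{action}' grants every operation of that service")
        if "*" in resources and not all(_is_read_only(a) for a in actions):
            findings.append(f"{sid}: Resource '*' applies write-capable actions to every resource")
        if any(a.lower() == "iam:passrole" for a in actions) and "*" in resources:
            findings.append(f"{sid}: iam:PassRole on Resource '*' lets the principal hand any role to a service")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource in an Allow grants everything except the listed items")
    return findings


if __name__ == "__main__":
    for name, policy in [("BROAD_DEVELOPERS", BROAD_DEVELOPERS),
                         ("SCOPED_DEVELOPERS", SCOPED_DEVELOPERS),
                         ("FULL_ADMIN", FULL_ADMIN)]:
        results = find_overbroad(policy)
        print(f"{name}: {len(results)} finding(s)")
        for line in results:
            print("  -", line)
```

Running it reports three findings for `BROAD_DEVELOPERS`, two for `FULL_ADMIN` and none for `SCOPED_DEVELOPERS`. A linter like this catches the obvious wildcards; the harder part of least privilege is working out which specific actions a workload actually uses, which is what IAM Access Analyzer's policy generation from CloudTrail activity is for.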