IAM gives you the ability to manage users, their service accounts, their permissions, and their roles across all your services. In addition, you can create instance-, container-, or function-scoped roles. Federation of existing directory services and single sign-on solutions can also be accomplished using IAM. We'll come back to IAM in Chapter 4, Security - Ensuring the Integrity of Your Systems.
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users. We'll see why this is a great feature when we cover least privilege security in Chapter 4, Security - Ensuring the Integrity of Your Systems.
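To make "temporary, limited-privilege" concrete, the following Terraform is an added example and not code from the book: a user whose only permission is to assume one role, so everything it does runs on STS credentials that expire. The resource names and the single EC2 action are hypothetical, chosen for illustration.

```hcl
# Added example, not from the book. All names below are hypothetical.

# A user with no standing permissions of its own.
resource "aws_iam_user" "sts_example" {
  name = "sts-example-user"
}

# Trust policy: only that user may call sts:AssumeRole on the role.
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [aws_iam_user.sts_example.arn]
    }
  }
}

# STS credentials issued for this role last at most one hour,
# the lowest value this setting accepts.
resource "aws_iam_role" "read_only" {
  name                 = "sts-example-read-only"
  assume_role_policy   = data.aws_iam_policy_document.trust.json
  max_session_duration = 3600 # seconds
}

# What the temporary credentials can do: one read-only action (constructed).
data "aws_iam_policy_document" "role_permissions" {
  statement {
    actions   = ["ec2:DescribeInstances"]
    resources = ["*"]
  }
}
resource "aws_iam_role_policy" "read_only" {
  name   = "describe-instances"
  role   = aws_iam_role.read_only.id
  policy = data.aws_iam_policy_document.role_permissions.json
}

# The user's only long-lived permission: assume that one role.
data "aws_iam_policy_document" "user_permissions" {
  statement {
    actions   = ["sts:AssumeRole"]
    resources = [aws_iam_role.read_only.arn]
  }
}
resource "aws_iam_user_policy" "assume_only" {
  name   = "assume-read-only-role"
  user   = aws_iam_user.sts_example.name
  policy = data.aws_iam_policy_document.user_permissions.json
}
```

Credentials for the role are then requested with `aws sts assume-role` and stop working when the session expires, so a leaked copy has a bounded lifetime and a bounded scope.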
Note
Speaking of least privilege, you really shouldn't be using your root user for AWS console access. Let's create a new user. Then go back and see whether you can recreate your environment with the new user.
Create a file named user.tf and add the following:
resource "aws_iam_user" "cloudpatterns"...