AWS Identity and Access Management (IAM) lets you manage AWS users, groups, and roles, and their access to various application services. IAM controls access and permissions for AWS resources such as EC2, RDS, DynamoDB, S3, and so on. It is a global service that spans all AWS regions, which means that a user created in IAM applies to all AWS regions. Here are some common uses of IAM:

- Users to access accounts or specific services
- IAM roles to allow other resources to assume some permissions
- Groups to tie users together
- Policies for more fine-grained access
- Creating API keys for programmable access to AWS resources
- Defining a password policy
- Managing MFA requirements on a per-user basis

When you create a user in IAM, it has no permissions on any AWS resource or service. This is called a non-explicit (implicit) deny, and it applies to all new users. In order to allow them...