AWS: Introduction to AWS Identity and Access Management (IAM)
In this tutorial, we are going to learn about IAM, one of the most important and usefully service of Amazon Web Service.
What is IAM?
IAM stands for identity and access management.
It is a global service because in IAM, we are going to create our users and assign them to group.
So we've already used IAM without knowing, when we created an account, we created a root account, and has been created by default. This is the root user of our accounts.
And the only thing you should use it for is to set up your account, But then you shouldn't use that account anymore, or even share it.
What you should be doing instead, is creating users, so you will create users in IAM, and one user represents one person within your organization. and also the users can be grouped together if it makes sense.
Groups can only contain users, not other groups, Groups only contain users, but user can belong to multiple groups
Why do we create users and why do we create groups?
When you created an AWS account you provided an email and password, so when you are using these credentials to log in, then you are using the Root Account.
The Root Account has full access to all resources in your AWS account, so with the root account access, you can do anything in your AWS account.
It's Highly Recommended to do not to use your root account for day-to-day administrative tasks, instead, you should create users and groups in your account and assign them the appropriate policy based on their role.
Well, because we want to allow them to use our AWS accounts and to allow them to do so, we have to give them permission.
So in AWS, we don't allow everyone to do everything that would be harmful, because a new user could basically launch so many services and they will cost you a lot of money or would be valid for security.
So in AWS, you apply a principle called the least privilege principle means don't give more permissions than a user needs.
In case, if a user just needs access to these services, just create permission for that user.
That's it for this article, in the very next article we will learn How to create an IAM user in AWS step by step.
