
AWS: Introduction to AWS Identity and Access Management (IAM)
In this tutorial, we are going to learn about IAM, one of the most important and useful services of Amazon Web Services.
What is IAM?
IAM stands for identity and access management.
It is a global service, because in IAM we create our users and assign them to groups.
We have already used IAM without knowing it: when we created an account, a root user was created by default. This is the root user of our account.
The only thing you should use it for is to set up your account. After that, you shouldn't use that account anymore, or share it.
What you should do instead is create users in IAM, where one user represents one person within your organization. Users can also be grouped together if it makes sense.
Why do we create users and why do we create groups?
When you created your AWS account, you provided an email and password. When you log in with these credentials, you are using the root account.
The root account has full access to all resources in your AWS account, so with root account access you can do anything in your AWS account.
It is highly recommended not to use your root account for day-to-day administrative tasks. Instead, you should create users and groups in your account and assign them the appropriate policy based on their role.
We create users and groups because we want to allow people to use our AWS account, and to allow them to do so, we have to give them permissions.
In AWS, we don't allow everyone to do everything. That would be harmful, because a new user could launch so many services that they would cost you a lot of money, or would be bad for security.
So in AWS, you apply a principle called the least privilege principle, which means: don't give a user more permissions than they need.
If a user needs access only to certain services, create a permission for just that for the user.
That's it for this article. In the next article, we will learn how to create an IAM user in AWS step by step.