IAM: Users, Groups, and Policies

AWS Cloud Practitioner to Architect: 0 to Hero

Identity and Access Management (IAM)

IAM is used to manage access to AWS services securely. It is a global service.

Core Components:

  • Users: Represent a person or service (physical person).
  • Groups: A collection of users. Policies applied to a group apply to all users in that group.
  • Policies: JSON documents that define permissions (Allow/Deny).
  • Roles: Temporary identities for services (like EC2) or users to assume.

Best Practice:

Least Privilege Principle: Give users only the minimum permissions they need to do their job.