Domains
Agile Management
Master Agile methodologies for efficient and timely project delivery.
View All Agile Management Coursesicon-refresh-cwCertifications
Scrum Alliance
16 Hours
Best Seller
Certified ScrumMaster (CSM) Certification
Scrum Alliance
16 Hours
Best Seller
Certified Scrum Product Owner (CSPO) Certification
Scaled Agile
16 Hours
Trending
Leading SAFe 6.0 Certification
Scrum.org
16 Hours
Professional Scrum Master (PSM) Certification
Scaled Agile
16 Hours
SAFe 6.0 Scrum Master (SSM) Certification
Advanced Certifications
Scaled Agile, Inc.
32 Hours
Recommended
Implementing SAFe 6.0 (SPC) Certification
Scaled Agile, Inc.
24 Hours
SAFe 6.0 Release Train Engineer (RTE) Certification
Scaled Agile, Inc.
16 Hours
Trending
SAFe® 6.0 Product Owner/Product Manager (POPM)
IC Agile
24 Hours
ICP Agile Certified Coaching (ICP-ACC)
Scrum.org
16 Hours
Professional Scrum Product Owner I (PSPO I) Training
Masters
32 Hours
Trending
Agile Management Master's Program
32 Hours
Agile Excellence Master's ProgramOn-Demand Courses
Agile and ScrumRoles
Scrum MasterTech Courses and Bootcamps
Full Stack Developer BootcampAccreditation Bodies
Scrum Alliance
Scaled Agile, Inc.
Scrum.org
ICAgile
PMI
Top Resources
Scrum TutorialProject Management
Gain expert skills to lead projects to success and timely completion.
View All Project Management Coursesicon-standCertifications
PMI
36 Hours
Best Seller
Project Management Professional (PMP) Certification
Axelos
32 Hours
PRINCE2 Foundation & Practitioner Certification
Axelos
16 Hours
PRINCE2 Foundation Certification
Axelos
16 Hours
PRINCE2 Practitioner Certification
Skills
Change ManagementMasters
Job Oriented
45 Hours
Trending
Project Management Master's Program
University Programs
45 Hours
Trending
Project Management Master's ProgramOn-Demand Courses
PRINCE2 Practitioner CourseRoles
Project ManagerAccreditation Bodies
PMIAxelos
Scrum AllianceTop Resources
Theories of MotivationCloud Computing
Learn to harness the cloud to deliver computing resources efficiently.
View All Cloud Computing Coursesicon-cloud-snowingCertifications
AWS
32 Hours
Best Seller
AWS Certified Solutions Architect - Associate
AWS
32 Hours
AWS Cloud Practitioner CertificationAWS
24 Hours
AWS DevOps CertificationMicrosoft
16 Hours
Azure Fundamentals Certification
Microsoft
24 Hours
Best Seller
Azure Administrator CertificationMicrosoft
45 Hours
Recommended
Azure Data Engineer CertificationMicrosoft
32 Hours
Azure Solution Architect CertificationMicrosoft
40 Hours
Azure DevOps CertificationAWS
24 Hours
Systems Operations on AWS Certification TrainingAWS
24 Hours
Developing on AWSMasters
Job Oriented
48 Hours
New
AWS Cloud Architect Masters Program
Bootcamps
Career Kickstarter
100 Hours
Trending
Cloud Engineer Bootcamp
Roles
Cloud EngineerOn-Demand Courses
AWS Certified Developer Associate - Complete GuideAuthorized Partners of
AWSMicrosoft
Top Resources
Scrum TutorialIT Service Management
Understand how to plan, design, and optimize IT services efficiently.
View All DevOps Coursesicon-git-commitCertifications
Axelos
16 Hours
Best Seller
ITIL 4 Foundation Certification
Axelos
16 Hours
ITIL Practitioner Certification
PeopleCert
16 Hours
ISO 14001 Foundation Certification
PeopleCert
16 Hours
ISO 20000 CertificationPeopleCert
24 Hours
ISO 27000 Foundation CertificationAxelos
24 Hours
ITIL 4 Specialist: Create, Deliver and Support Training
Axelos
24 Hours
ITIL 4 Specialist: Drive Stakeholder Value TrainingAxelos
16 Hours
ITIL 4 Strategist Direct, Plan and Improve TrainingOn-Demand Courses
ITIL 4 Specialist: Create, Deliver and Support ExamTop Resources
ITIL Practice TestData Science
Unlock valuable insights from data with advanced analytics.
View All Data Science Coursesicon-dataBootcamps
Job Oriented
6 Months
Trending
Data Science Bootcamp
Job Oriented
289 Hours
Data Engineer Bootcamp
Job Oriented
6 Months
Data Analyst Bootcamp
Job Oriented
288 Hours
New
AI Engineer Bootcamp
Skills
Data Science with PythonRoles
Data ScientistOn-Demand Courses
Data Analysis Using ExcelTop Resources
Machine Learning TutorialDevOps
Automate and streamline the delivery of products and services.
View All DevOps Coursesicon-terminal-squareCertifications
DevOps Institute
16 Hours
Best Seller
DevOps Foundation Certification
CNCF
32 Hours
New
Certified Kubernetes Administrator
Devops Institute
16 Hours
Devops LeaderSkills
KubernetesRoles
DevOps EngineerOn-Demand Courses
CI/CD with Jenkins XGlobal Accreditations
DevOps Institute
Top Resources
Top DevOps ProjectsBI And Visualization
Understand how to transform data into actionable, measurable insights.
View All BI And Visualization Coursesicon-microscopeBI and Visualization Tools
Certification
24 Hours
Recommended
Tableau Certification
Certification
24 Hours
Data Visualization with Tableau Certification
Microsoft
24 Hours
Best Seller
Microsoft Power BI Certification
TIBCO
36 Hours
TIBCO Spotfire Training
Certification
30 Hours
Data Visualization with QlikView CertificationCertification
16 Hours
Sisense BI Certification
On-Demand Courses
Data Visualization Using Tableau TrainingTop Resources
Python Data Viz LibsCyber Security
Understand how to protect data and systems from threats or disasters.
View All Cyber Security Coursesicon-refresh-cwCertifications
CompTIA
40 Hours
Best Seller
CompTIA Security+
EC-Council
40 Hours
Certified Ethical Hacker (CEH v12) Certification
ISACA
22 Hours
Certified Information Systems Auditor (CISA) Certification
ISACA
40 Hours
Certified Information Security Manager (CISM) Certification
(ISC)²
40 Hours
Certified Information Systems Security Professional (CISSP)
(ISC)²
40 Hours
Certified Cloud Security Professional (CCSP) Certification
16 Hours
Certified Information Privacy Professional - Europe (CIPP-E) Certification
ISACA
16 Hours
COBIT5 Foundation
16 Hours
Payment Card Industry Security Standards (PCI-DSS) Certification
On-Demand Courses
CISSPTop Resources
Laptops for IT SecurityWeb Development
Learn to create user-friendly, fast, and dynamic web applications.
View All Web Development Coursesicon-codeBootcamps
Career Kickstarter
6 Months
Best Seller
Full-Stack Developer Bootcamp
Job Oriented
3 Months
Best Seller
UI/UX Design Bootcamp
Enterprise Recommended
6 Months
Java Full Stack Developer Bootcamp
Career Kickstarter
490+ Hours
Front-End Development Bootcamp
Career Accelerator
4 Months
Backend Development Bootcamp (Node JS)
Skills
ReactOn-Demand Courses
Angular TrainingTop Resources
Top HTML ProjectsBlockchain
Understand how transactions and databases work in blockchain technology.
View All Blockchain Coursesicon-stop-squareBlockchain Certifications
40 Hours
Blockchain Professional Certification
32 Hours
Blockchain Solutions Architect Certification
32 Hours
Blockchain Security Engineer Certification
24 Hours
Blockchain Quality Engineer Certification
5+ Hours
Blockchain 101 Certification
On-Demand Courses
NFT Essentials 101: A Beginner's GuideTop Resources
Blockchain Interview QsProgramming
Learn to code efficiently and design software that solves problems.
View All Programming Coursesicon-codeSkills
Python CertificationInterview Prep
Career Accelerator
3 Months
Software Engineer Interview Prep
On-Demand Courses
Data Structures and Algorithms with JavaScriptTop Resources
Python Tutorial
What is IAM in AWS?
Define AWS IAM
AWS IAM (Identity and Access Management) is a web service facilitated by Amazon that helps the user in securely controlling access to the resources of AWS. IAM can be used to control who gets authenticated to sign-in and who gets the authorization (has permissions) to use the resources provisioned by AWS.
An IAM role can be created with the help of AWS Management Console, AWS CLI, Tools for Windows PowerShell or IAM API.
If AWS Management Console is used to create an IAM role, a wizard guides the user through the entire steps. The steps while using the Console are slightly different in comparison to other methods.
AWS IAM Identities
IAM identities are created to provide authentication to people and process in the AWS accounts.
IAM root user
When an AWS account is created for the first time, the user signs in with a single identity which has access to all the AWS services and resources in the account. This identity is known as ‘AWS account root user’. This root user can be accessed by signing in with the email address and password that was used while creation of the account.
The root user is not recommended to be used for everyday tasks, not even the administrative ones. The root user has to be securely locked away and used only to perform specific account and service management related tasks.
IAM user
The entity which is created in the AWS account is an IAM user, which represents a person or a service that uses IAM user to interact with AWS. One of the uses of IAM users is to provide people the ability to sign into their AWS Management Console to perform interactive task and programmatic request to other Amazon services with the help of an API or using the CLI.
A user has a name, a password that is used to sign into the AWS Management Console and about 2 access keys which can be used in conjunction with the API or CLI. When an IAM user is created, it can be granted certain permissions after it has been made as a member if a group which has the appropriate permission policies attached to it, or by directly attaching the policies to the user.
Permissions can be cloned from an existing IAM user which will automatically make the new user as a member of the same group, and attaches the policies to the user.
IAM group
It is a collection of IAM users, which is made to specify permissions for a specific collection of users. This makes it easy to manage the permissions for those users. If a permission is assigned to a group, any user of that group automatically has the same permissions.
AWS IAM Roles
IAM role is similar to user, since it is an identity which provides permission policies which are used to determine the operations which the identity can do within AWS. A role doesn’t have any credentials, such as password or access keys attached to it. It can be uniquely associated with a user since a role is basically used to be assumed by a user for a specific task or when need. An IAM user can assume a specific role to be granted specific permissions to perform specific tasks. A role can be assigned to a federated user who can sign in with the help of an external identity provider instead of using IAM. AWS uses the details passed via the identity provider so as to determine the role that can be mapped to the federated user.
An application that runs on Amazon Elastic Cloud Compute (EC2) instance and makes requests to AWS: An IAM role can be created that can be attached to the EC2 instance so as to provide temporary security credentials to the applications which run on this instance. When an application uses these credentials in AWS, it gets the ability to perform all operations that would be allowed by the policies which are attached to the role.
An application that runs on mobile and makes requests to AWS: An identity provider such as Login with Amazon, or Amazon Cognito or Facebook or Google can be used to authenticate users and map them to an IAM role. Applications can be used to provide the role with temporary security credentials which have the required permissions (based on the policies that are attached to the role).
Conclusion
In this post, we understood the different identities which can be assigned to an IAM user.