IAM: Identity and Access Management in AWS

IAM is the area of the AWS console where we create and manage users, groups and roles, and manage the permissions attached to them.

It is critical to understand this part of AWS in detail, as this is where we control who can sign in and where we limit or allow access based on what kind of user or service is making the request.

Below are the key terms associated with IAM.

User

An individual identity that can sign in to the console with a password and/or call AWS APIs programmatically with an access key (access key ID plus secret access key).


The group is a collection of users with one set of permission, used to set access control on the specific set of users. eg: HR users who have access limited to S3 bucket for file storage


Roles allow access to users or services, which does not generally have access to aws. Here an IAM user of aws service gets temporary access over API call.

Eg: EC2 instances can access S3 using a role


Basically permissions. We can attach a policy to a user group or role. Access control in a policy is managed by the policy document, which is JSON document.

AWS supports multi-factor authentication (MFA), and the root user (the identity used to create the AWS account) is always urged to enable MFA and should not be used for day-to-day work.
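As an added example (not from the original notes), the policy documents described above are written out in Python so they can be generated and checked offline: a bucket-scoped policy for an HR group, a trust policy that lets EC2 assume a role, and a Deny statement that requires MFA for IAM users (MFA for the root user is switched on at the account level, not through a policy). The bucket name example-hr-files and the account ID are constructed placeholders. The find_overbroad_statements helper flags Allow statements that use a wildcard action or resource, a quick check worth running before attaching any policy.

```python
import json

# Constructed placeholder values (assumptions, not taken from the notes)
HR_BUCKET = "example-hr-files"   # hypothetical bucket name
ACCOUNT_ID = "123456789012"      # placeholder AWS account ID


def hr_group_policy(bucket: str) -> dict:
    """Identity-based policy for an HR group: list one bucket and
    read/write objects in it, and nothing else (least privilege)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListHrBucket",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": f"arn:aws:s3:::{bucket}",       # bucket ARN
            },
            {
                "Sid": "ReadWriteHrObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",     # object ARNs
            },
        ],
    }


def ec2_trust_policy() -> dict:
    """Trust policy for a role that EC2 instances may assume; the
    permissions the role carries go in a separate identity policy."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def deny_without_mfa_statement() -> dict:
    """Deny everything unless the caller authenticated with MFA.
    BoolIfExists also denies calls where the MFA key is absent, which is
    the case for plain long-term access keys, so it forces MFA sessions."""
    return {
        "Sid": "DenyAllWithoutMFA",
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
    }


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy: dict) -> list:
    """Return Sids (or positions) of Allow statements that use a wildcard
    Action or Resource. Wildcards in Deny statements restrict rather than
    grant, so they are not reported."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild_action = any(a == "*" or a.endswith(":*") for a in actions)
        wild_resource = "*" in resources
        if wild_action or wild_resource:
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


if __name__ == "__main__":
    for name, doc in (("hr-group", hr_group_policy(HR_BUCKET)),
                      ("ec2-trust", ec2_trust_policy())):
        print(f"--- {name} (overbroad: {find_overbroad_statements(doc)})")
        print(json.dumps(doc, indent=2))
```

The generated JSON can be pasted into the console or passed to the CLI as a policy document; the point of the checker is that a statement like `"Action": "*", "Resource": "*"` under Allow is full administrative access and should never be attached to a group such as HR.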

IAM user sign-in link

The user sign-in link is shown at the top of the IAM page and follows the pattern https://AccountNumber.signin.aws.amazon.com/console

The account number in the link can be replaced with an account alias, if the name is still available, by clicking on the number; this gives users a link that is easier to remember than the 12-digit account ID.



