Definition: An entity representing a person or service that interacts with AWS resources.

Capabilities
Access Key ID and Secret Access Key: Used for programmatic access to the AWS API, the AWS CLI, the SDKs, and other development tools.
Management Console Access (Password): Used to log into the AWS Management Console.

Default Access
No Access by Default: New users cannot access any resources until permissions are explicitly granted to them.

Root User
Credentials: The email address and password used to create the account.
Permissions: Full administrative permissions by default; these cannot be restricted.
Avoid Using Root User: Use root credentials only for essential account and billing functions.
Do Not Share Root Credentials: Keep the root user credentials private.
Create IAM Users for Admin Tasks: Assign administrative permissions to IAM users instead of using root.
Enable MFA for Root User: Adds an extra layer of security to the most privileged identity in the account.

Service Accounts
Definition: IAM users created to represent applications (rather than people) are known as service accounts.

Limits and Identification
User Limit: Up to 5000 IAM users per AWS account.
Friendly Name: The human-readable identifier of the IAM user.
ARN (Amazon Resource Name): The unique identifier of the user across all of AWS.
Unique ID: Assigned when the user is created using the API, Tools for Windows PowerShell, or the AWS CLI.

Best Practices
Individual Accounts: Create an individual IAM user for each person; never share accounts.
Access Key ID and Secret Access Key: Used for programmatic access only; they cannot be used to log into the console.
Access Key Creation: The secret access key is shown only once, when the key is created; if it is lost, a new key must be generated.

Password Policy
Definition: Enforce rules on password length, complexity, and rotation for all users.
Password Change Permissions: Controlled via IAM policies, which can allow or disallow users to change their own passwords.
Regular Changes: Access keys and passwords should be rotated regularly to maintain security.
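The root-user and rotation practices above can be checked mechanically against the account's IAM credential report. The following is an added example, not part of the original notes: it parses a constructed report in the CSV layout that `aws iam get-credential-report` returns and flags root access keys, missing root MFA, and stale passwords or access keys; the 90-day limit, the fixed clock, and the account id and user names are assumptions.

```python
"""Audit an IAM credential report against the best practices in these notes."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the CSV layout of `aws iam get-credential-report`
# (subset of the real columns; account id and user names are made up).
SAMPLE_REPORT = """user,arn,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,true,2023-01-10T08:00:00+00:00,false,true,2023-01-10T08:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,2024-05-01T09:00:00+00:00,true,true,2024-05-01T09:00:00+00:00,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,not_supported,false,true,2023-06-15T10:00:00+00:00,false,N/A
"""

MAX_AGE = timedelta(days=90)  # assumed rotation limit; the notes only say "regularly"
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible


def parse_time(value):
    """The report uses N/A, not_supported or no_information where no timestamp exists."""
    if value in ("N/A", "not_supported", "no_information"):
        return None
    return datetime.fromisoformat(value)


def audit_report(report_csv, now=NOW, max_age=MAX_AGE):
    """Return (user, finding) pairs for root misuse, missing root MFA and stale credentials."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root should only be used for essential account and billing tasks, so
            # long-lived programmatic keys on it are a finding, as is missing MFA.
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root user has active access keys"))
            if row["mfa_active"] != "true":
                findings.append((user, "root user without MFA"))
            continue
        # Console password older than the rotation limit
        changed = parse_time(row["password_last_changed"])
        if row["password_enabled"] == "true" and changed and now - changed > max_age:
            findings.append((user, f"password older than {max_age.days} days"))
        # Each active access key must have been rotated within the limit
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true":
                rotated = parse_time(row[f"access_key_{n}_last_rotated"])
                if rotated is None or now - rotated > max_age:
                    findings.append((user, f"access key {n} older than {max_age.days} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Against a real account, feed the decoded `Content` field of `get-credential-report` to `audit_report` in place of the constructed sample.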