
IAM Users

Definition: An entity representing a person or service that interacts with AWS resources.

Capabilities
  Programmatic Access:
    Access Key ID and Secret Access Key: Used for accessing the AWS API, CLI, SDKs, and other development tools.
  Management Console Access:
    Password: Used to log into the AWS Management Console.

Default Access
  No Access by Default: New users cannot access any resources until explicitly granted permissions.

Root User
  Credentials: The email address and password used to create the account.
  Permissions: Full administrative permissions by default; these cannot be restricted.
  Best Practices:
    Avoid Using Root User: Use root credentials only for essential account and billing functions.
    Do Not Share Root Credentials: Keep root user credentials private.
    Create IAM Users for Admin Tasks: Assign administrative permissions to IAM users instead.
    Enable MFA for Root User: Adds an extra layer of security.

Service Accounts
  Definition: IAM users created to represent applications (rather than people) are known as service accounts.

Limits and Identification
  User Limit: Up to 5000 IAM users per AWS account.
  Identification:
    Friendly Name: Human-readable identifier for the IAM user.
    ARN (Amazon Resource Name): Unique identifier for the user across AWS.
    Unique ID: Generated when the user is created using the API, Tools for Windows PowerShell, or AWS CLI.

Best Practices
  Individual Accounts: Create an individual IAM user for each person. Avoid sharing accounts.
  Access Key vs Password:
    Access Key ID and Secret Access Key: Used for programmatic access; they cannot be used to log into the console.
    Access Key Creation: The secret access key can be retrieved only once, at creation time. If it is lost, a new access key must be created.
  Password Policy:
    Definition: Enforce policies on password length, complexity, and rotation for all users.
    Password Change Permissions: Controlled via IAM policies, which can allow or disallow users to change their own passwords.
  Regular Changes: Access keys and passwords should be rotated regularly to maintain security.