AWS Identity and Access Management (IAM)

Amazon Web Services (AWS) Identity and Access Management (IAM) is a directory service that keeps track of the users of your AWS account and of the authentication methods associated with each of them.

IAM helps you keep track of credentials and permissions. For example, a business owner can create a "user" for each employee, who then signs in with a password or with two-factor authentication. Once a user has signed in, the permissions attached to that user determine what they are allowed to do. In short, AWS IAM controls which users are admitted to your account and what they can do once they are in.

AWS IAM is aimed at anyone in an account who is responsible for managing groups and delegating the authority to operate services, such as system administrators.

Administrators use the AWS Management Console to set up and terminate instances, define account password policies (length, expiration date, and so on), grant users access to specific AWS resources, and control what users are able to run. You can create permissions that limit what each identity can do. You can also create groups, users, and roles and assign permissions to each, and you can give different groups different permissions. For example, Group A can edit X, Y, and Z but has no delete permission, while Group B can both edit and delete them all.
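To make the Group A / Group B split above concrete, here is an added example (written for this page, not AWS's own code or tooling): two constructed identity-based policies for the two groups, plus a deliberately simplified evaluator that applies IAM's core rule of explicit Deny over Allow over default deny. Treating X, Y and Z as three S3 buckets, and the bucket names themselves, are assumptions.

```python
import fnmatch
import json

# Constructed sample policies for the Group A / Group B scenario above.
# The resources "X, Y, Z" are assumed here to be three S3 buckets.
BUCKETS = ["arn:aws:s3:::bucket-x/*", "arn:aws:s3:::bucket-y/*", "arn:aws:s3:::bucket-z/*"]

GROUP_A_POLICY = {  # may edit, but never delete
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": BUCKETS},
        # An explicit Deny wins over any Allow that reaches the same user by another path
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

GROUP_B_POLICY = {  # may edit and delete
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"], "Resource": BUCKETS},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    # IAM wildcards are '*' and '?', which fnmatch handles directly
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def is_allowed(policies, action, resource):
    """Simplified IAM evaluation over identity-based policies only:
    default deny, any matching explicit Deny is final, otherwise allowed if
    some Allow matches. Conditions, NotAction/NotResource, resource policies,
    permission boundaries and SCPs are not modelled (assumption for brevity)."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            actions = [a.lower() for a in _as_list(stmt["Action"])]  # action names are case-insensitive
            if not (_matches(actions, action.lower()) and _matches(_as_list(stmt["Resource"]), resource)):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def policy_document(policy):
    """Render a policy as the JSON document you would attach to the group."""
    return json.dumps(policy, indent=2)
```

A user placed in both groups still cannot delete, because Group A's explicit Deny overrides Group B's Allow.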

This process is not just a matter of adding users. Administrators should regularly review the state of the IAM setup to make sure that the right users have the right access and permissions. It is essential to think about long-term management: system administrators need to know how to remove users from the system when they leave the company. You should also have policies in place that automatically back up your buckets and revoke those users' access, so that the account stays secure.

AWS IAM is available at no additional cost as part of your AWS account.