Start Amazon AWS with IAM – Part 2

Let’s start the Amazon AWS journey with the IAM service. IAM (Identity and Access Management) is a web service that provides access to the Amazon AWS console and helps you securely control access to AWS resources for your users. If you would like to start learning about AWS, IAM is the first component you encounter at the beginning of the AWS journey. IAM allows you to manage users and their level of access to the AWS console. It is important to understand IAM and how it works in order to administer a company's AWS account in real life. You use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization).




IAM provides/supports:

  • Centralized Control of AWS account
  • Integrates with Many different AWS Services
  • Granular Permissions
  • Identity Federation, which includes Active Directory/LDAP.
  • Multifactor Authentication
  • Provide temporary access for users/devices and services where necessary
  • Allows you to set up your own password rotation policy
  • Shared Access to your AWS account
  • Supports PCI DSS compliance.


You need to understand a few terms about IAM. They are not different from what we have seen in Unix account management or Windows AD account management.


An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.




An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. In other words, a group is a collection of users under one set of permissions, or with access to a specific set of resources.

IAM – Groups



An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. You create roles and can then assign them to AWS resources.




To assign permissions to a user, group, role, or resource, you create a policy, which is a document that explicitly lists permissions. Policies are documents that are created using JSON. A policy consists of one or more statements, each of which describes one set of permissions.

IAM – Policy


Hope you now have a basic idea of Amazon AWS IAM. Of course, reading the theory alone will not give you confidence with AWS. In the upcoming article, we will see how to get access to a free Amazon AWS account. You need to provide credit card details in order to get the AWS account, even though a single instance is free for one year.

Note: Notes and Images are taken from 
