Core IAM Components - Users, Groups, Roles, Policies
IAM is built around four core components:
1. Users
An IAM User represents a person or application with long-term credentials.
Production insight: You should avoid long-term credentials for applications. Use roles instead.
2. Groups
Groups are collections of users.
Architecturally, groups simplify permission management:
- Attach policy to group.
- Add users to group.
- Permissions scale automatically.
3. Roles
A Role is an identity with temporary credentials.
Roles are assumed by:
- AWS services (EC2, Lambda)
- Applications
- External accounts
Roles are fundamental to secure architecture because they eliminate static credentials.
Example: An EC2 instance assumes a role that allows access to S3. No hardcoded keys.
4. Policies
Policies define permissions.
They answer:
- What actions?
- On what resources?
- Under which conditions?
Policies are JSON documents evaluated by AWS.
Production insight: Always prefer:
- Least privilege
- Role-based access
- No wildcard permissions (*) unless justified
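The following Python block is an added example, not part of the original notes and not code from AWS. It ties the EC2-to-S3 role example above to the policy section: it builds the two JSON documents that make "no hardcoded keys" work (a trust policy that lets the EC2 service assume the role, and a least-privilege permissions policy scoped to one prefix of one bucket), and it runs a small linter that flags the wildcard permissions the production insight warns against. The bucket name, the prefix, the statement Sids and the "overly broad" policy are constructed for illustration; the policy grammar (`Version`, `Effect`, `Principal`, `Action`, `Resource`, `Condition`, the `s3:prefix` condition key and the `ec2.amazonaws.com` service principal) is standard IAM.

```python
import json

# Constructed sample values; replace with your own bucket and prefix.
BUCKET = "example-app-data"
PREFIX = "app/"


def trust_policy_for_ec2() -> dict:
    """Trust policy: the EC2 service principal may assume the role.

    This is what replaces static access keys on the instance: the
    instance metadata service hands out short-lived credentials instead.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def least_privilege_s3_policy(bucket: str, prefix: str) -> dict:
    """Permissions policy: read-only access to objects under one prefix.

    Answers the three policy questions: what actions (ListBucket, GetObject),
    on what resources (one bucket, one prefix), under which conditions
    (listing is restricted to the prefix via the s3:prefix condition key).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOnlyThePrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {
                "Sid": "ReadObjectsUnderPrefix",
                "Effect": "Allow",
                "Action": ["s3:GetObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


# Constructed "before" policy: the kind of wildcard grant the linter should catch.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def find_wildcards(policy: dict) -> list:
    """Return (sid, field, value) for every Allow statement whose Action or
    Resource is a bare '*' or a whole-service wildcard such as 's3:*'.

    Object-level wildcards like 'arn:aws:s3:::bucket/app/*' are not flagged:
    they scope access to a path and are a normal least-privilege pattern.
    """
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # explicit Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{index}]")
        for field in ("Action", "Resource"):
            values = stmt.get(field, [])
            if isinstance(values, str):
                values = [values]  # IAM accepts a string or a list here
            for value in values:
                if value == "*" or value.endswith(":*"):
                    findings.append((sid, field, value))
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy_for_ec2(), indent=2))
    print(json.dumps(least_privilege_s3_policy(BUCKET, PREFIX), indent=2))
    print("wildcards in least-privilege policy:",
          find_wildcards(least_privilege_s3_policy(BUCKET, PREFIX)))
    print("wildcards in broad policy:", find_wildcards(OVERLY_BROAD_POLICY))
```

Running the block prints both policy documents and then an empty findings list for the scoped policy versus two findings (`s3:*` and `*`) for the broad one. The linter is deliberately simple: a real review also looks at `NotAction`, `NotResource`, cross-account principals and resource-based policies, but catching bare and whole-service wildcards in identity policies is the check that pays off first.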