IAM Survival Guide

You may want to skip this section if you’re already familiar with IAM. However, if you’re unfamiliar with it, we recommend that you equip yourself with some basic knowledge of the service, because IAM is at the foundation of nearly everything you do with AWS.

Main Ideas

  • Interactions with AWS require both:

    • Authentication: Verifying that whoever or whatever is requesting access is who they claim to be.
    • Authorization: The actions that are allowed or denied.
  • AWS provides and uses a service called Identity and Access Management (IAM) to accomplish authentication and authorization.

  • IAM implements authentication with Principals, which are entities such as IAM users, federated users (from Google, Facebook, etc.), IAM roles, AWS accounts, and AWS services.

  • IAM implements authorization with JSON documents called Policies.

  • As you learn about IAM policies, you may start to fall asleep. In that case, put your study in PARC:

    • Principal: The entity that is allowed or denied access.
    • Action: The type of access that is allowed or denied.
    • Resource: The AWS resources the action will act upon.
    • Condition: The conditions under which the access is valid.
  • IAM principals use credentials to interact with AWS. Credentials are a pair of strings: an access key ID and a secret access key.
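To make the PARC elements concrete, here is an added example (not from the original guide, and not AWS's own evaluation engine) written in Python. It defines a constructed resource-based policy whose statements each carry a Principal, Action, Resource and Condition, and a deliberately simplified evaluator that applies the two IAM rules most worth remembering: requests are denied by default, and an explicit Deny always beats an Allow. The account ID, role name, bucket name and IP ranges are placeholders; the evaluator supports only the Bool, StringEquals, IpAddress and NotIpAddress operators and treats a missing context key as "condition not satisfied," which is a simplification of real IAM behaviour.

```python
import fnmatch
import ipaddress

# Constructed sample: a resource-based (bucket-style) policy. The account ID,
# role name and bucket name are placeholders invented for this example.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAnalystReadWithMfa",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/Analyst"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-reports",
                         "arn:aws:s3:::example-reports/*"],
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
        {
            "Sid": "DenyObjectAccessOffCorpNetwork",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-reports/*",
            "Condition": {"NotIpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        },
    ],
}


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_matches(principal, principal_arn):
    """P in PARC: '*' means anyone; otherwise match the ARN patterns under 'AWS'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        patterns = _as_list(principal.get("AWS", []))
        return any(fnmatch.fnmatchcase(principal_arn, p) for p in patterns)
    return False


def condition_matches(condition, context):
    """C in PARC: every operator/key pair must hold against the request context.
    Simplification: a context key that is absent makes the condition fail."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            expected = _as_list(expected)
            if operator == "StringEquals":
                ok = actual in expected
            elif operator == "Bool":
                ok = str(actual).lower() == str(expected[0]).lower()
            elif operator in ("IpAddress", "NotIpAddress"):
                ip = ipaddress.ip_address(actual)
                in_range = any(ip in ipaddress.ip_network(cidr, strict=False)
                               for cidr in expected)
                ok = in_range if operator == "IpAddress" else not in_range
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
            if not ok:
                return False
    return True


def evaluate(policy, principal_arn, action, resource_arn, context):
    """Simplified IAM decision: implicit deny by default, an Allow statement
    grants access, and any matching Deny statement overrides every Allow."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not principal_matches(stmt.get("Principal", "*"), principal_arn):
            continue  # P: this statement is not about this principal
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue  # A: action not covered (supports wildcards like s3:*)
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue  # R: resource not covered
        if not condition_matches(stmt.get("Condition", {}), context):
            continue  # C: condition not met, statement does not apply
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # explicit deny wins immediately
        decision = "Allow"
    return decision


if __name__ == "__main__":
    analyst = "arn:aws:iam::111122223333:role/Analyst"
    obj = "arn:aws:s3:::example-reports/q1.csv"
    corp = {"aws:MultiFactorAuthPresent": "true", "aws:SourceIp": "203.0.113.10"}
    print(evaluate(SAMPLE_POLICY, analyst, "s3:GetObject", obj, corp))
    print(evaluate(SAMPLE_POLICY, analyst, "s3:GetObject", obj,
                   {**corp, "aws:SourceIp": "198.51.100.7"}))
```

Running the module prints Allow for the analyst reading an object over MFA from the corporate range, then ExplicitDeny for the same request from an outside address, because the Deny statement's NotIpAddress condition now matches and overrides the Allow. Dropping MFA from the context yields ImplicitDeny instead: no Deny fires, but the Allow's Bool condition is no longer satisfied, so nothing grants access.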