- IAM is a global service offered by AWS.
- IAM is free to use for a lifetime; there is no cost at all.
- IAM stands for Identity and Access Management
- IAM is available in AWS under the Security, Identity, & Compliance category of services.
- With IAM you can create multiple users in your AWS account and assign permissions to those users using policies.
- You can create user groups, assign permissions to them using policies, and add users to these groups; all the users added to a group then have the same permissions.
Example: a Developer group, to which you can add DEV1-User, DEV2-User and Dev3-User.
- You can create your own policies and roles to handle custom needs.
- You can use IAM to control who is authenticated (sign in) and authorized (has permissions) to use AWS resources.
- In simple words, it is a user control center for creating users and granting them permissions to use AWS services in a secure and formal way.
- Only the root user is able to create, delete and update (passwords) the IAM users.
- AWS recommends always using an IAM user account for tasks and work instead of the root user account, because using the root user account may lead to security issues.
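The Developer group example above, as an added sketch that is not part of the original notes: a small offline evaluator showing how group-attached and user-attached policies combine into a user's effective permissions. The bucket name, the policy contents and the extra policy on Dev3-User are constructed sample data, and the evaluator is a simplification that ignores conditions, `NotAction`, permissions boundaries, SCPs and resource-based policies.

```python
import re

# Constructed sample data (assumed names): one policy on the Developer group,
# one policy attached directly to Dev3-User.
GROUP_MEMBERS = {"Developer": ["DEV1-User", "DEV2-User", "Dev3-User"]}
GROUP_POLICIES = {"Developer": [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-dev-bucket/*"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
]}]}
USER_POLICIES = {"Dev3-User": [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _match(pattern, value, flags=0):
    # IAM wildcards: "*" is any run of characters, "?" is exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None


def policies_for(user):
    """Policies attached to the user plus those of every group the user is in."""
    docs = list(USER_POLICIES.get(user, []))
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            docs += GROUP_POLICIES.get(group, [])
    return docs


def is_allowed(user, action, resource):
    allowed = False
    for doc in policies_for(user):
        for st in _as_list(doc["Statement"]):
            hit = (any(_match(a, action, re.IGNORECASE) for a in _as_list(st["Action"]))
                   and any(_match(r, resource) for r in _as_list(st["Resource"])))
            if hit and st["Effect"] == "Deny":
                return False  # an explicit Deny overrides any Allow
            allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed  # nothing matched an Allow: implicit deny
```

DEV1-User and DEV2-User get identical answers because their permissions come only from the group, while Dev3-User gains extra S3 access from the directly attached policy but is still blocked by the group's explicit Deny on `s3:DeleteBucket`.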
Tasks that require root user credentials (AWS recommended):
- Change your account settings
- Restore IAM user permissions.
- Configure MFA
- Delete S3 bucket (storage service)
- Close your AWS account
- Register as a seller in the Reserved Instance Marketplace.
- Activate IAM access to the Billing and Cost Management console. (By default, IAM users don't have permission to the Billing Dashboard, so you have to enable it with the root user account.)
- Sign up for GovCloud.
A few others:
- To create top-level users/groups (administrator IAM users are also able to create users)
Read more:
1. https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
2. https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html#aws_tasks-that-require-root