What is AWS IAM?
AWS IAM stands for Amazon Web Services (AWS) Identity and Access Management (IAM). AWS IAM provides identity management capabilities for AWS customers by enabling IT administrators to control which users have permission to access various AWS resources and the type of actions they can perform.
AWS IAM leverages three core objects for managing AWS identities and access: Users, Groups, and Permissions. Users represent actual AWS customers and are used to authenticate individual user identities and provision access. Groups are a collection of users, which allow admins to manage multiple users at once. Finally, Permissions determine which AWS resources a particular user or a group of users has permission to access and the actions they can perform.
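To make the user/group/permission model above concrete, here is an added example (not code from the article or from AWS) that simulates how IAM combines a user's own policies with those of its groups when deciding a request. The policy documents, the user "alice" and the group "developers" are constructed sample data; the evaluation rules modelled (deny by default, any matching Allow grants, an explicit Deny in any attached policy overrides every Allow) are the documented IAM behaviour.

```python
# Added example (not from the article): a minimal model of how IAM combines a
# user's own policies with those of its groups. Rules modelled: default deny,
# any matching Allow grants, an explicit Deny anywhere overrides every Allow.
import json
import re

def _match(pattern, value, ignore_case):
    # IAM wildcard match: '*' matches any run of characters, '?' exactly one
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def evaluate(policies, action, resource):
    # Returns 'Allow' or 'Deny' for one request against a list of policy docs
    decision = "Deny"  # implicit deny until a statement allows
    for doc in policies:
        for stmt in _as_list(doc["Statement"]):
            if not any(_match(a, action, True) for a in _as_list(stmt["Action"])):
                continue  # action names are case-insensitive in IAM
            if not any(_match(r, resource, False) for r in _as_list(stmt["Resource"])):
                continue  # resource ARNs are case-sensitive
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny wins regardless of order
            decision = "Allow"
    return decision

# Constructed sample policies: the group grants read on one bucket and denies a
# sensitive one; the user's own policy tries to allow that sensitive bucket.
GROUP_POLICIES = {"developers": [json.loads("""{"Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-assets/*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::finance-reports/*"}
  ]}""")]}
USER_POLICIES = {"alice": [json.loads("""{"Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Action": "s3:*",
                "Resource": "arn:aws:s3:::finance-reports/*"}}""")]}
USER_GROUPS = {"alice": ["developers"]}

def is_allowed(user, action, resource):
    # Effective permissions = the user's policies + every attached group's policies
    policies = list(USER_POLICIES.get(user, []))
    for group in USER_GROUPS.get(user, []):
        policies += GROUP_POLICIES.get(group, [])
    return evaluate(policies, action, resource) == "Allow"
```

The finance-reports case is the one worth noting: alice's personal Allow is overridden by her group's explicit Deny, which is why group-level Deny statements are a reliable guardrail against over-permissive per-user grants.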
Why AWS IAM?
The purpose of AWS IAM is to help IT administrators manage AWS user identities and their varying levels of access to AWS resources. For example, AWS users can be created and assigned individual security credentials (e.g. passphrases, SSH keys, MFA), granted permission to access AWS, or removed at any time.
In doing so, organizations gain granular control over who has permission to access their AWS resources, which resources are available, and the actions authorized users can perform within their provisioned resources.
The result is a more secure and efficient approach for connecting AWS users to the AWS resources they need to succeed. With 90+ fully featured resources and utilities currently available from AWS, it’s easy to see why having the ability to manage access is critical.
Limitations of AWS IAM
AWS IAM is certainly the best solution for managing AWS user identities. However, it is limited by the fact that AWS IAM is only for managing AWS user identities. Additional solutions will be required to manage access to AWS servers (e.g. AWS Directory Service), not to mention the huge number of resources that fall outside of AWS.
Common examples of resources that fall outside of AWS include user identities from other cloud providers (e.g. G Suite, Office 365, Azure), systems (Windows, Mac, Linux), cloud applications (e.g. Box, Zendesk, Salesforce), on-prem applications (e.g. (Read more...)