Identity and Access Management (IAM) in Amazon Web Services (AWS)
Last Updated :
03 Mar, 2025
Identity and Access Management (IAM) manages Amazon Web Services (AWS) users and their access to AWS accounts and services. It controls the level of access a user can have over an AWS account & sets users, grant permission, and allows a user to use different features of an AWS account.
Identity and access management is mainly used to manage users, groups, roles, and Access policies The account we created to sign in to Amazon web services is known as the root account and it holds all the administrative rights and has access to all parts of the account. The new user created an AWS account, by default they have no access to any services in the account & it is done with the help of IAM that the root account holder can implement access policies and grant permission to the user to access certain services.
Why do we use IAM?
We use IAM (Identity and Access Management) in AWS to securely manage who can access your resources and what they can do with them.
1. User Control
IAM lets you create users and groups, giving each one specific permissions.
2. Security
It ensures users only have access to what they need, reducing security risks.
3. Access Management
IAM allows you to control who can view or modify resources.
You can enable multi-factor authentication (MFA) for added protection.
5.Resource Protection
IAM helps prevent unauthorized changes to your critical infrastructure.
How IAM Works?
IAM verifies that a user or service has the necessary authorization to access a particular service in the AWS cloud. We can also use IAM to grant the right level of access to specific users, groups, or services. For example, we can use IAM to enable an EC2 instance to access S3 buckets by requesting fine-grained permissions.
IAM WorkingWhat does IAM do?
With the help of IAM, we perform the following
IAM Identities
IAM Identities assists us in controlling which users can access which services and resources in the AWS Console and also we can assign policies to the users, groups, and roles. The IAM Identities can be created by using the Root user
IAM Identities Classified As
- IAM Users
- IAM Groups
- IAM Roles
Root user
The root user will automatically be created and granted unrestricted rights. We can create an admin user with fewer powers to control the entire Amazon account.
IAM Users
We can utilize IAM users to access the AWS Console and their administrative permissions differ from those of the Root user and if we can keep track of their login information.
Example
With the aid of IAM users, we can accomplish our goal of giving a specific person access to every service available in the Amazon dashboard with only a limited set of permissions, such as read-only access. Let's say user-1 is a user that I want to have read-only access to the EC2 instance and no additional permissions, such as create, delete, or update. By creating an IAM user and attaching user-1 to that IAM user, we may allow the user access to the EC2 instance with the required permissions.
IAM Groups
A group is a collection of users, and a single person can be a member of several groups. With the aid of groups, we can manage permissions for many users quickly and efficiently.
Example
Consider two users named user-1 and user-2. If we want to grant user-1 specific permissions, such as the ability to delete, create, and update the auto-calling group only, and if we want to grant user-2 all the necessary permissions to maintain the auto-scaling group as well as the ability to maintain EC2, we can create groups and add this user to them. If a new user is added, we can add that user to the required group with the necessary permissions.
IAM Roles
While policies cannot be directly given to any of the services accessible through the Amazon dashboard, IAM roles are similar to IAM users in that they may be assumed by anybody who requires them. By using roles, we can provide AWS Services access rights to other AWS Services.
Example
Consider Amazon EKS. In order to maintain an autoscaling group, AWS eks needs access to EC2 instances. Since we can't attach policies directly to the eks in this situation, we must build a role and then attach the necessary policies to that specific role and attach that particular role to EKS.
IAM Policies
IAM Policies can manage access for AWS by attaching them to the IAM Identities or resources IAM policies defines permissions of AWS identities and AWS resources when a user or any resource makes a request to AWS will validate these policies and confirms whether the request to be allowed or to be denied. AWS policies are stored in the form of Jason format the number of policies to be attached to particular IAM identities depends upon no.of permissions required for one IAM identity. IAM identity can have multiple policies attached to them.
IAM Features
Shared Access to your Account: A team working on a project can easily share resources with the help of the shared access feature.
- Free of cost: IAM feature of the Aws account is free to use & charges are added only when you access other Amazon web services using IAM users.
- Have Centralized control over your Aws account: Any new creation of users, groups, or any form of cancellation that takes place in the Aws account is controlled by you, and you have control over what & how data can be accessed by the user.
- Grant permission to the user: As the root account holds administrative rights, the user will be granted permission to access certain services by IAM.
- Multifactor Authentication: Additional layer of security is implemented on your account by a third party, a six-digit number that you have to put along with your password when you log into your accounts.
Conclusion
To wrap things up, IAM (Identity and Access Management) in AWS is a crucial tool for managing who has access to your resources and what they can do with them. It helps keep your AWS environment secure by ensuring that only the right people have access to the right services. Whether you're a small business or a large organization, IAM allows you to set specific permissions for users, groups, and roles, making it a flexible and secure solution for managing access. With features like multi-factor authentication (MFA), centralized control, and the ability to share resources, IAM is key to protecting your cloud infrastructure and keeping things running smoothly.
Similar Reads
Amazon Web Services (AWS) Tutorial
Amazon Web Service (AWS) is the world’s leading cloud computing platform by Amazon. It offers on-demand computing services, such as virtual servers and storage, that can be used to build and run applications and websites. AWS is known for its security, reliability, and flexibility, which makes it a
13 min read
Introduction to Amazon Web Services
Amazon Web Services (AWS) is one of the world's leading cloud platforms in providing the web services of various domains. AWS follows the trends of digital IT and comes up needy services with optimized performances covering a wide range of services from Compute to Storage. It covers a wider range of
12 min read
Amazon Web Services (AWS) - Free Tier Account Set up
Amazon Web Service (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers, including the fastest-growing startups, largest enterprises, and leading government agencies, are using AWS to l
5 min read
AWS Machine Learning Services
AWS Management and Monitoring