What is IAM?

Essentially, IAM allows you to manage users and their level of access to the AWS Console.

Entities of IAM?

  • Users – End Users (think people)
  • Groups – A collection of Users under one set of permissions
  • Roles – You create roles and can then be assign them to AWS resources
  • Policies – A document that defines one (or more permissions). Can be attached to User/Group/Role.

Is IAM a Global Service?


What is the root account?

This is the email address used to sign up in AWS.
Unlimited access to do things in the AWS Cloud.

Which permissions have new users when created?

New users have NO permissions when first created

What is the difference between access keys and user/password?

You cannot use the Access Key ID and Secret Key to login in the console. You can use this to access AWS via the APIs and CLI.