Last updated
IAM: Security & Access
Definition: AWS Identity and Access Management (IAM) controls who can do what in your AWS account. It is the foundation of AWS security, and you use it from day one.
The building blocks
- Users — individual people or applications
- Groups — collections of users with shared permissions
- Roles — temporary permissions that services or users can assume
- Policies — JSON documents that say exactly what is allowed or denied
The golden rule: least privilege
Give every user and service the minimum permissions they need — nothing more. This limits the damage if credentials are ever leaked.
Essential safety steps
- Turn on multi-factor authentication (MFA), especially for the root account
- Never share long-lived access keys; prefer roles
- Avoid using the root account for daily work
💡 Takeaway: most AWS security incidents come from over-broad permissions. Master IAM and least privilege and you avoid the biggest risks.
Ad · responsive