Basics
- Provides centralized control of an AWS account
- Shared access to an AWS account
- Granular permissions
- Identity federation: allows users to log in using Active Directory, Facebook, LinkedIn
- Multi-factor Authentication: multiple layers of authentication mechanisms

Permissions
- Users or Groups can be assigned JSON documents called policies
- These policies define the permissions of users
- In AWS you apply the least privilege principle: don’t give more permissions than a user needs
Policies Structure
- A policy consists of
  - Version
  - Id: an identifier for the policy (optional)
  - Statement: one or more individual statements (required)
- Statements consist of
  - Sid: an identifier for the statement (optional)
  - Effect: whether the statement allows or denies access (Allow, Deny)
  - Principal: the account, user or role this policy applies to
  - Action: list of actions this policy allows or denies
  - Resource: list of resources the actions apply to
  - Condition: conditions for when this policy is in effect (optional)
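As an added example (not from the original notes), the policy below puts the structure above into a concrete JSON document, and a small linter checks the required fields and flags the classic least-privilege violation, an Allow on every action over every resource. The bucket name, policy Id and source IP range are constructed sample values.

```python
import json

# Constructed sample identity policy: read access to a single bucket, only
# from an example network range supplied through a Condition element.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "ExampleReadOnlyPolicy",
    "Statement": [
        {
            "Sid": "AllowReadFromOneBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-bucket",
                "arn:aws:s3:::example-bucket/*"
            ],
            "Condition": {
                "IpAddress": {"aws:SourceIp": "203.0.113.0/24"}
            }
        }
    ]
})

REQUIRED_STATEMENT_KEYS = {"Effect", "Action", "Resource"}

def lint_policy(policy_json: str) -> list:
    # Returns a list of findings; an empty list means the policy passes.
    findings = []
    policy = json.loads(policy_json)
    if "Version" not in policy:
        findings.append("policy: missing Version")
    statements = policy.get("Statement")
    if not statements:
        return findings + ["policy: missing Statement"]
    if isinstance(statements, dict):  # a single statement may be given without a list
        statements = [statements]
    for i, stmt in enumerate(statements):
        label = stmt.get("Sid", f"statement[{i}]")
        missing = REQUIRED_STATEMENT_KEYS - stmt.keys()
        if missing:
            findings.append(f"{label}: missing {sorted(missing)}")
            continue
        if stmt["Effect"] not in ("Allow", "Deny"):
            findings.append(f"{label}: Effect must be Allow or Deny")
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        # Least-privilege check: allowing every action on every resource is broader than any user needs.
        if stmt["Effect"] == "Allow" and "*" in actions and "*" in resources:
            findings.append(f"{label}: Allow on Action '*' and Resource '*' violates least privilege")
    return findings
```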
IAM Roles
- AWS services need to perform actions on your behalf
- To do so, we assign permissions to AWS services with IAM roles