The root user of an AWS account is the account's own identity and has full access to everything in it.
However, if you need to give a group, team, or organization restricted access, you must use the AWS IAM service. Granting only the least amount of permission necessary to complete the task is the advised course of action.
If only one identity is associated with an AWS account and its password is compromised, the account as a whole is compromised. For example, the permissions of the root user of an AWS account cannot be restricted.
IAM provides three distinct identity types.
- IAM user - an application or person that requires access to AWS services.
- IAM group - a group of related users who need access to AWS services.
- IAM role - used by AWS services, or by external identities, to gain controlled access; a role grants access to AWS services within your account.
Roles are mostly used when there is uncertainty about who, or how many principals, will need access. As an illustration, giving every EC2 instance access to a Simple Storage Service (S3) bucket.
The IAM service performs three main jobs.
- Identity provider (IdP) - lets you create, modify, and delete identities.
- Authenticate - IAM authenticates the user who logs in: prove you are who you claim to be.
- Authorise - allow or deny access to an AWS service.
Finally, there is no cost associated with using IAM.
Thank you adriancantrill
I like this blog from spacelift.io on the same concept; I hope you will also like it.