DEV Community

Jeya Shri

IAM - Identity Access Management (Part 1)

Hi guys, this is my very first post here and yaayy, I'm really excited to have signed up for this platform. Coming to the point, I have decided to prepare for the AWS Certified Solutions Architect Associate exam (SAA-C03). So, starting from today I'm prepping myself, and I also thought, why not share it with other people who also want to learn about cloud, giving students like me the guidance and resources that I did not receive and was unaware of.

So, hey, that's it. From today I will share with you what I learnt that day about different services. Our first service today is IAM.

Security is the foundation of any cloud environment, and in AWS, everything begins with IAM. Whether you're deploying an EC2 instance, setting up a database, or creating a serverless app, IAM determines who can do what inside your AWS account.

This blog takes you from absolute basics all the way to advanced real-world practices, including policies, roles, permissions boundaries, cross-account access, and enterprise-grade security models.

What Is IAM?

AWS IAM (Identity and Access Management) is a service that helps you securely control:

  • Who can access your AWS resources
  • What actions they can perform
  • Which services or resources they can interact with
  • How they can authenticate

Think of IAM as the security gatekeeper for your AWS environment.

Why IAM Matters

IAM prevents:

  • Unauthorized access

  • Data loss

  • Misuse of services

  • Cloud account compromise

  • Security breaches

Most security issues in AWS stem from misconfigured IAM permissions, not from flaws in the services themselves.

IAM Core Building Blocks

IAM is built using four main components:

1. IAM Users

A user represents a real person (developer, admin, tester) or a software application that needs AWS access.

Users have:

  • Login password (optional)

  • Access keys (optional)

  • Permissions (via policies)

2. IAM Groups

Groups help you bundle users with similar responsibilities.

Examples:

Developers, Admins, FinanceTeam, DevOps

Instead of assigning permissions individually, you assign them once to the group.

3. IAM Roles

Roles are the most important IAM concept.

A role is an “identity with permissions but without long-term credentials.”

Roles are used by:

  • AWS services (EC2, Lambda, ECS, Glue…)

  • Users who temporarily need elevated permissions (by assuming the role)

  • External identities (Google, Azure AD, Okta)

4. IAM Policies

Policies define permissions using JSON documents.

Example policy (a complete policy document wraps its statements in a Version and a Statement list):

```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::my-bucket"
  }]
}
```

Policies answer three questions:

| Question | Defined by |
|---|---|
| What action is allowed? | Action |
| On which service/resource? | Resource |
| Allowed or denied? | Effect |

How IAM Authorization Actually Works

IAM evaluates policies in this order:

  1. Implicit Deny - Everything is denied unless explicitly allowed.

  2. Explicit Allow - If a policy allows the action → allowed unless there's an explicit deny.

  3. Explicit Deny - Overrides everything.

This is why “deny policies” are powerful for blocking access.
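To see the three steps above in action, here is a small Python simulator of that evaluation order, written for this post as an added example (it is not code from the original post or from AWS). The two policy documents are constructed sample input, and it covers identity-based policies only: conditions, resource policies, SCPs and permissions boundaries are out of scope.

```python
# Added example: a minimal simulator of IAM's evaluation order for
# identity-based policies. Real IAM also weighs resource policies, SCPs,
# permissions boundaries and Condition blocks; those are ignored here.
import fnmatch
import json

# Constructed sample policies: one broad allow, one targeted deny.
ALLOW_S3_ON_MY_BUCKET = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::my-bucket"}
  ]
}""")

DENY_DELETES = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Deny", "Action": ["s3:DeleteBucket", "s3:DeleteObject"], "Resource": "*"}
  ]
}""")

def _as_list(value):
    """IAM lets Action and Resource be a single string or a list; normalise."""
    return value if isinstance(value, list) else [value]

def _matches(patterns, candidate, fold_case=False):
    """Match against IAM-style '*' / '?' patterns; action names are
    case-insensitive in IAM, resource ARNs are compared as written."""
    if fold_case:
        candidate = candidate.lower()
    return any(fnmatch.fnmatchcase(candidate, p.lower() if fold_case else p)
               for p in _as_list(patterns))

def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action, fold_case=True)
                    and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"   # step 3: an explicit deny overrides everything
            allowed = True              # step 2: explicit allow, unless a deny matches
    return "Allow" if allowed else "ImplicitDeny"  # step 1: nothing matched, default deny

if __name__ == "__main__":
    policies = [ALLOW_S3_ON_MY_BUCKET, DENY_DELETES]
    for act in ("s3:ListBucket", "s3:DeleteObject", "ec2:StartInstances"):
        print(act, "->", evaluate(policies, act, "arn:aws:s3:::my-bucket"))
```

Running it shows the deny winning over the broad `s3:*` allow for the delete actions, and the EC2 action falling through to the implicit deny because no statement mentions it.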

Authentication Options in IAM

  1. Password (Console access) - Used for human logins.

  2. Access Keys (CLI / SDK access) - Never commit these to GitHub.

  3. MFA (Multi-Factor Authentication) - Highly recommended for every user.

Okay peeps, that's it for today. I'll see ya tomorrow!
