Some notes I have taken down for the AWS Solutions Architect Associate Exam.
- IAM is global; it is not tied down to a region.
- Amazon's version of Active Directory.
- You can define User, Role or Group Policies.
- Policies can be added to Groups, Users and Roles.
- Can be integrated with Microsoft Active Directory.
- Allows you to manage access to Compute, Storage, DB and Application Services.
- Can be defined to only allow users access to what they require.
- Multi-Factor Authentication (MFA) can be configured with AWS.
- New Users have no access when first created. Users will need to be added to a group, given a role or have permissions set once the account is created.
- You can create and customize your own password rotation policies, setting passwords to expire every 90 days and also setting the complexity required of passwords.
This can be configured alongside IAM to log information about who made requests to access specific resources in your AWS account.
Unlike some of the other services provided by AWS, IAM is free to use and can be integrated with other services.
IAM can be accessed through different methods such as the Web Console, Command Line tools, the AWS SDKs and the IAM HTTPS API.
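The notes above say a new user has no access until a policy reaches them through a group, a role or a direct attachment. The sketch below is an added example, not AWS code and not part of the original notes. It models that default-deny behaviour and goes one step further by showing that an explicit Deny overrides any Allow. The users, group, bucket and policies are constructed, and conditions, permission boundaries, SCPs and resource policies are assumed to be absent.

```python
# Simplified model of IAM identity-policy evaluation (added example, not AWS code).
# Assumptions: identity-based policies only; no conditions, permission boundaries,
# SCPs or resource policies. All users, groups, buckets and policies are constructed.
from fnmatch import fnmatchcase

def _match(patterns, value, fold_case=False):
    """IAM-style wildcard match; Action names are case-insensitive, ARNs are not."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if fold_case:
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatchcase(value, p) for p in patterns)

def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"              # nothing matched: access is denied by default
    for doc in policies:
        for st in doc["Statement"]:
            if _match(st["Action"], action, True) and _match(st["Resource"], resource):
                if st["Effect"] == "Deny":
                    return "ExplicitDeny"  # an explicit Deny beats any Allow
                decision = "Allow"
    return decision

READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]}
NO_SECRETS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secret/*"}]}

GROUP_POLICIES = {"developers": [READ_ONLY]}      # policy attached to a group
USER_GROUPS = {"alice": [], "bob": ["developers"], "carol": ["developers"]}
USER_POLICIES = {"carol": [NO_SECRETS]}           # policy attached directly to a user

def check(user, action, resource):
    """Evaluate a request against the user's own and group-inherited policies."""
    docs = list(USER_POLICIES.get(user, []))
    for group in USER_GROUPS.get(user, []):
        docs += GROUP_POLICIES.get(group, [])
    return evaluate(docs, action, resource)

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/secret/keys.txt"
    for user in ("alice", "bob", "carol"):
        print(user, check(user, "s3:GetObject", obj))
```

Here alice is the newly created user with nothing attached, bob inherits read access from his group, and carol is in the same group but is blocked from the `secret/` prefix by her own Deny policy.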