Amazon Web Services (AWS) Identity and Access Management (IAM) is a directory service for tracking system users and recording how each of them is authenticated.
IAM also keeps track of two-factor authentication settings and authorizations. For example, a business owner can create a “user” for each employee who needs to sign in with a password or two-factor authentication, and the permissions assigned to each user determine what that user can do once signed in. In short, AWS IAM controls which users are allowed into a system and what they can do once they are in.
Amazon IAM is intended for anyone with root access to an account who is responsible for managing a group of users or delegating privileges to manipulate a service, such as a system administrator.
System administrators can use the AWS Management Console to set up and shut down instances, create account password policies (length, expiration, etc.), and define permissions that limit which AWS resources a user can access and which operations that user can perform. They can also create groups, users and roles and assign privileges to each. Different groups can be assigned different privileges: for example, Group A can edit X, Y and Z but cannot delete them, while Group B can edit and delete all of them.
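The Group A / Group B split above is expressed in IAM as two policy documents. The following is an added example, not code from the page or from AWS: the two policies are constructed for a placeholder bucket, and the small `is_allowed` function reproduces the documented IAM evaluation rule (an explicit Deny overrides any Allow, and a request with no matching Allow is denied) so you can check offline what each group, or a user in both groups, would be permitted to do.

```python
"""Two least-privilege group policies plus a miniature IAM policy evaluator.

Added example. BUCKET_ARN is a placeholder; the policy documents are
constructed to match the "Group A edits but never deletes, Group B edits
and deletes" scenario, and is_allowed() mirrors IAM's documented rule:
explicit Deny beats Allow, and no matching Allow means the request is denied.
"""
import fnmatch
import json

BUCKET_ARN = "arn:aws:s3:::example-bucket"  # placeholder, not a real bucket

# Group A: may read, list and overwrite objects, but is explicitly denied deletion.
GROUP_A_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EditObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
         "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"]},
        {"Sid": "NeverDelete", "Effect": "Deny",
         "Action": ["s3:DeleteObject", "s3:DeleteBucket"],
         "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"]},
    ],
}

# Group B: full access to the same bucket, deletion included.
GROUP_B_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "FullBucketAccess", "Effect": "Allow",
         "Action": "s3:*",
         "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"]},
    ],
}


def _as_list(value):
    """IAM allows Action/Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_sensitive):
    # Action names are matched case-insensitively by IAM; ARNs are case-sensitive.
    if not case_sensitive:
        patterns = [p.lower() for p in _as_list(patterns)]
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(policies, action, resource):
    """Decide one request against every identity-based policy the caller holds.

    Returns True only if some statement allows the action on the resource and
    no statement explicitly denies it; with no matching statement at all the
    default is to deny.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action, case_sensitive=False)
                    and _matches(stmt["Resource"], resource, case_sensitive=True)):
                continue
            if stmt["Effect"] == "Deny":
                return False  # explicit deny wins regardless of other statements
            allowed = True
    return allowed


def render(policy):
    """The JSON form you would hand to `aws iam create-policy --policy-document`."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    obj = f"{BUCKET_ARN}/report.csv"
    print("Group A put:", is_allowed([GROUP_A_POLICY], "s3:PutObject", obj))
    print("Group A delete:", is_allowed([GROUP_A_POLICY], "s3:DeleteObject", obj))
    print("Group B delete:", is_allowed([GROUP_B_POLICY], "s3:DeleteObject", obj))
    print("Both groups delete:",
          is_allowed([GROUP_A_POLICY, GROUP_B_POLICY], "s3:DeleteObject", obj))
    print(render(GROUP_A_POLICY))
```

Note what the last check shows: a user placed in both groups still cannot delete, because Group A's explicit Deny overrides Group B's Allow. That is why a "never delete" restriction belongs in a Deny statement rather than merely being left out of the Allow list.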
This process is more than just adding users. Administrators must routinely monitor the state of their IAM system to ensure that the correct people have the appropriate access and privileges. It’s imperative to think about long-term management. System administrators should know how to remove a user from the system once they leave the company, and should ensure that policies are in place to automatically back up buckets and revoke those users’ access so that security is maintained.
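Removing a departed user from IAM is more than a single delete call: IAM refuses to delete a user who still has access keys, a console password, MFA devices, attached policies or group memberships, so each has to be revoked first, and each revocation is worth recording. The function below is an added example (not the page's or AWS's own code) that walks those steps in order using the real boto3 IAM client method names; the `FakeIAM` class is a constructed in-memory stand-in so the walkthrough runs offline, and the user, group, key id and policy names in it are placeholders.

```python
"""Offboarding an IAM user: revoke every credential and permission, then delete.

Added example. offboard_user() calls real boto3 IAM client methods; FakeIAM is
a constructed stand-in with the same method names so this runs offline.
"""


def offboard_user(iam, username):
    """Strip a departing user of all access, in the order IAM requires.

    Returns the list of steps performed, suitable for an audit log.
    """
    log = []
    # 1. Group memberships: the group privileges (Group A / Group B) live here.
    for g in iam.list_groups_for_user(UserName=username)["Groups"]:
        iam.remove_user_from_group(GroupName=g["GroupName"], UserName=username)
        log.append(f"removed from group {g['GroupName']}")
    # 2. Programmatic credentials (access keys).
    for k in iam.list_access_keys(UserName=username)["AccessKeyMetadata"]:
        iam.delete_access_key(UserName=username, AccessKeyId=k["AccessKeyId"])
        log.append(f"deleted access key {k['AccessKeyId']}")
    # 3. Console password (login profile); a user may not have one.
    try:
        iam.delete_login_profile(UserName=username)
        log.append("deleted console password")
    except iam.exceptions.NoSuchEntityException:
        pass
    # 4. MFA devices.
    for d in iam.list_mfa_devices(UserName=username)["MFADevices"]:
        iam.deactivate_mfa_device(UserName=username, SerialNumber=d["SerialNumber"])
        log.append(f"deactivated MFA device {d['SerialNumber']}")
    # 5. Policies attached directly to the user: managed, then inline.
    for p in iam.list_attached_user_policies(UserName=username)["AttachedPolicies"]:
        iam.detach_user_policy(UserName=username, PolicyArn=p["PolicyArn"])
        log.append(f"detached policy {p['PolicyArn']}")
    for name in iam.list_user_policies(UserName=username)["PolicyNames"]:
        iam.delete_user_policy(UserName=username, PolicyName=name)
        log.append(f"deleted inline policy {name}")
    # 6. Only now can the user itself be deleted.
    iam.delete_user(UserName=username)
    log.append(f"deleted user {username}")
    return log


class FakeIAM:
    """Constructed in-memory stand-in for boto3's IAM client (offline demo only)."""

    class exceptions:  # mirrors iam.exceptions.NoSuchEntityException on a real client
        class NoSuchEntityException(Exception):
            pass

    def __init__(self):
        # Placeholder data: user "alice" with one of everything.
        self.users = {"alice"}
        self.groups = {"alice": ["GroupA"]}
        self.keys = {"alice": ["AKIAIOSFODNN7EXAMPLE"]}  # AWS documentation example id
        self.login_profiles = {"alice"}
        self.mfa = {"alice": ["arn:aws:iam::123456789012:mfa/alice"]}
        self.attached = {"alice": ["arn:aws:iam::aws:policy/ReadOnlyAccess"]}
        self.inline = {"alice": ["legacy-inline"]}

    def list_groups_for_user(self, UserName):
        return {"Groups": [{"GroupName": g} for g in self.groups.get(UserName, [])]}

    def remove_user_from_group(self, GroupName, UserName):
        self.groups[UserName].remove(GroupName)

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k} for k in self.keys.get(UserName, [])]}

    def delete_access_key(self, UserName, AccessKeyId):
        self.keys[UserName].remove(AccessKeyId)

    def delete_login_profile(self, UserName):
        if UserName not in self.login_profiles:
            raise self.exceptions.NoSuchEntityException(UserName)
        self.login_profiles.discard(UserName)

    def list_mfa_devices(self, UserName):
        return {"MFADevices": [{"SerialNumber": s} for s in self.mfa.get(UserName, [])]}

    def deactivate_mfa_device(self, UserName, SerialNumber):
        self.mfa[UserName].remove(SerialNumber)

    def list_attached_user_policies(self, UserName):
        return {"AttachedPolicies": [{"PolicyArn": a} for a in self.attached.get(UserName, [])]}

    def detach_user_policy(self, UserName, PolicyArn):
        self.attached[UserName].remove(PolicyArn)

    def list_user_policies(self, UserName):
        return {"PolicyNames": list(self.inline.get(UserName, []))}

    def delete_user_policy(self, UserName, PolicyName):
        self.inline[UserName].remove(PolicyName)

    def delete_user(self, UserName):
        # Real IAM returns DeleteConflict while anything is still attached.
        if (self.groups.get(UserName) or self.keys.get(UserName) or self.mfa.get(UserName)
                or self.attached.get(UserName) or self.inline.get(UserName)
                or UserName in self.login_profiles):
            raise RuntimeError("DeleteConflict: user still has attached resources")
        self.users.remove(UserName)


if __name__ == "__main__":
    for step in offboard_user(FakeIAM(), "alice"):
        print(step)
```

Against a real account you would pass `boto3.client("iam")` instead of `FakeIAM()` and keep the returned step list with your offboarding ticket; the same sequence is what a periodic review script should verify has been completed for every user who has left.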
AWS IAM is available as part of your AWS account at no extra cost.