AWS Identity and Access Management (IAM) Service

A AWS Identity and Access Management (IAM) is a cloud identity and access management platform that facilitates the creation of access control systems (to manage AWS resource access and permissions).

• AKA: AWS IAM, AWS Identity Services, AWS Access Control Platform.
• Context:
  • It can typically manage IAM Identity through user management.
  • It can typically control IAM Permission through policy management.
  • It can typically enforce IAM Access through role management.
  • It can typically secure AWS Resource through permission boundary.
  • It can typically maintain AWS Security through access policy.
  • ...
  • It can often facilitate Federation through identity providers.
  • It can often enable Single Sign-On through AWS SSO service.
  • It can often support Cross-Account Access through role assumption.
  • It can often implement Access Analysis through IAM Access Analyzer.
  • ...
  • It can range from being a Basic IAM Setup to being an Enterprise IAM Implementation, depending on its organizational scale.
  • It can range from being a Single-Account IAM to being an Organization-Wide IAM, depending on its account structure.
  • ...
  • It can integrate with Active Directory for enterprise authentication.
  • It can connect to Third-Party Identity Providers for federated access.
  • It can support AWS Security Services for security monitoring.
  • ...
• Examples:
  • IAM Identity Types, such as:
    • IAM User for individual access.
    • IAM Role for temporary access.
    • IAM Group for collective access.
  • IAM Policy Types, such as:
    • Identity-Based Policy for direct permission.
    • Resource-Based Policy for resource permission.
    • Permission Boundary for permission limit.
  • IAM Access Types, such as:
    • Programmatic Access for API usage.
    • Console Access for web interface.
    • Federation Access for external user.
  • ...
• Counter-Examples:
  • Azure Active Directory, which serves microsoft azure platform.
  • Google Cloud IAM, which manages google cloud platform.
  • On-Premises IAM System, which lacks cloud-native integration.
• See: AWS Organizations, AWS Control Tower, AWS Directory Service, AWS Security Hub.

References

2017

• https://aws.amazon.com/iam/
  • QUOTE: AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

    IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.

2014

• http://en.wikipedia.org/wiki/Amazon_Web_Services#Management
  • Amazon Identity and Access Management (IAM) is an implicit service, the authentication infrastructure used to authenticate access to the various services.