
"AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. IAM provides the infrastructure necessary to control authentication and authorization for your AWS accounts."
In AWS Identity and Access Management (IAM), Users and Groups are fundamental components for managing access to AWS resources.
IAM User
A unique identity within an AWS account, associated with specific permissions. Users have long-term credentials (username, password, access keys) to authenticate and interact with AWS services. Each user can be assigned different permissions for resource access.
IAM Group
A collection of IAM users with shared permissions. Instead of assigning permissions individually to each user, you assign them to a group, and the users in that group inherit those permissions. Groups simplify user management by grouping related users (e.g., Super Admin, Admins, Developers, Full S3 Access, Accounting, etc.).
Common IAM Groups
Groups in IAM are used to assign a set of permissions to a group of users, rather than to assign permissions individually to each user. This simplifies management.
Administrators
- Permissions: Full access to all AWS resources.
- Use case: Users who need full administrative access to manage AWS resources and services.
- Policy Example: AdministratorAccess
- Suggested Group Name: Admins
Power Users
- Permissions: Similar to admins but without permission to manage IAM (Identity and Access Management) itself.
- Use case: Users who need nearly full access but not control over IAM settings and user management.
- Policy Example: PowerUserAccess
- Suggested Group Name: PowerUsers
Read-Only Users
- Permissions: Read-only access to all AWS resources.
- Use case: Users who only need to view resources and settings but cannot modify anything.
- Policy Example: ReadOnlyAccess
- Suggested Group Name: ReadOnly
S3 Bucket Access
- Permissions: Access to specific S3 buckets and their contents.
- Use case: Users who need to manage or access specific S3 buckets.
- Policy Example: AmazonS3FullAccess or custom S3 policies restricting access to specific buckets.
- Suggested Group Name: S3Users
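The difference between AmazonS3FullAccess and "custom S3 policies restricting access to specific buckets", as an added example that is not from the original page: a Python function that builds a least-privilege policy document for a single bucket, plus a simplified evaluator that shows the scoped policy reaches only that bucket while an s3:* policy reaches every bucket in the account. The bucket names and the FULL_S3_ACCESS stand-in are constructed for the illustration; the evaluator ignores Condition blocks, NotAction and resource-based policies.

```python
import re


def least_privilege_s3_policy(bucket: str) -> dict:
    """Scoped-down alternative to AmazonS3FullAccess: one bucket, three actions.
    The bucket name passed in is a constructed example."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Listing is a bucket-level action, so it targets the bucket ARN itself
            {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": bucket_arn},
            # Object actions target keys inside the bucket, hence the /* suffix
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"{bucket_arn}/*"},
        ],
    }

# Constructed stand-in for a broad managed policy: every S3 action on every bucket
FULL_S3_ACCESS = {"Version": "2012-10-17",
                  "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

def _iam_match(pattern: str, value: str, ignore_case: bool) -> bool:
    # IAM wildcards: '*' matches any run of characters, '?' exactly one
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified identity-policy evaluation: implicit deny unless an Allow
    matches, and any matching explicit Deny wins. Conditions are not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        # Action names are case-insensitive in IAM; resource ARNs are not
        if not any(_iam_match(a, action, True) for a in actions):
            continue
        if not any(_iam_match(r, resource, False) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

if __name__ == "__main__":
    scoped = least_privilege_s3_policy("team-reports")
    for name, policy in (("scoped", scoped), ("full", FULL_S3_ACCESS)):
        for arn in ("arn:aws:s3:::team-reports/q1.csv", "arn:aws:s3:::payroll/salaries.csv"):
            print(f"{name:6} s3:GetObject {arn}: {is_allowed(policy, 's3:GetObject', arn)}")
```

Attach the scoped document as a customer-managed policy to the S3Users group instead of the managed AmazonS3FullAccess policy when the group only needs one bucket.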
Review a complete list of all Common AWS IAM Groups
We have created a list of the most common AWS IAM Groups; you can find it here.
In summary
IAM Users represent individual entities with access to AWS, while IAM Groups help organize users and manage permissions efficiently.