IAM

Introduction

IAM stands for "Identity and Access Management". It allows organisations to create users and groups and control the access they have to the AWS services or resources.

For example an IAM user can be created that has access to the AWS console and is allowed to manage the EC2 resources, however this user is not be allowed to manage the RDS and Route 53 services. Of course it is also possible to apply these kind permissions on groups instead of users.

Many things are possible using IAM. Like integrating it in our own applications, linking it to a corporate user directory (using LDAP for example), etc...

However we usually use it just to limit the rights that a user has in the AWS console. In most cases we do not need access to billing (we are developers after all) and in some cases our customers do not want us to have access to certain things.

IAM users

When signing up for Amazon AWS, we typically need to create an account. The account that is created during the signup process is called the "root" account and just like the root account on a *NIX based OS like Linux or MacOSX it has access to everything.

Having and actively using a root account on any system is considered dangerous and bad practice. The same goes for the root account for AWS. Typically it should be used only once after signup to create an IAM account with limited access and after that only in emergency situations.

How to set up

We could write an extensive tutorial to show you exactly what to do.

However Amazon has already done that: https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started.html

Please refer to the documentation written by Amazon. That way you should always be getting the most correct and up-to-date information.