What is AWS Identity and Access Management (IAM)?

AWS Identity and Access Management (IAM) is a web service that enables you to securely control access to AWS services and resources. With IAM, you can manage users, groups, roles, and permissions to allow or deny access to AWS resources.

How do IAM roles differ from IAM users in AWS?

IAM users are permanent identities with long-term credentials, while IAM roles are temporary identities assumed by users, applications, or services. Roles use short-term credentials and are recommended for granting permissions to applications and cross-account access.

What is an IAM policy example in AWS?

An IAM policy example in JSON format might grant S3 read access: {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:GetObject"],"Resource":"arn:aws:s3:::my-bucket/*"}]}. Policies define what actions are allowed or denied on which resources.

AWS IAM Policies: Types, Examples & Best Practices Explained

Q: What are the types of IAM policies in AWS?

AWS IAM supports several policy types including identity-based policies, resource-based policies, permissions boundaries, organizations service control policies (SCPs), access control lists (ACLs), and session policies. Each type controls access in different ways.

November 18, 2020 / Nirav Shah

What Is AWS IAM? Identity and Access Management Overview

Identity access management is user defined user access permissions within AWS, here are three different types of IAM policies.

What Are the Types of IAM Policies in AWS?

1. Managed policies
2. Customer managed policies
3. Inline policies

Managed policy is an IAM policy, which is created and administered by AWS, and they provide managed policies for really common use cases based on different scenarios.

AWS IAM Policy Examples: How to Write and Apply Them

DynamoDB full access, EC2 read only access etc

There’s one important thing to know about the managed policies is that you cannot change the permissions defined in an AWS managed policy.

Customer managed policies is a standalone policy that you create and administer inside your own AWS account.

You can attach this policy to multiple users, groups, and roles,but only within your own account and to create a customer managed policy, you can also take a copy of an existing AWS managed policy,

iam-policies-aws

inline policy is an identity access management policy, which is actually embedded within the user, group or role to which it applies and there’s a strict once one relationship between the entity and the policy.

That means you cannot attach an inline policy to multiple users, groups,or roles and when you delete the user ,group or role in which the inline policy is embedded, the policy will also be deleted.

And in most cases,AWS recommends using managed policies over inline policies.

You can find inline policy on left corner.here you can see

iam-policies-aws

AWS IAM Best Practices: Securing Your AWS Resources

IAM is a service to create and manage all types of IAM policies (managed policies and inline policies). And learn about its policy type

Also Read: How to create an IAM User from AWS Console?

Spread Love By Sharing:

Nirav Shah

Nirav Shah is the Director of Eternal Web Pvt Ltd, an AWS Advanced Consulting Partner and certified Odoo Partner based in the UK. With over a decade of experience in cloud computing, digital transformation, and ERP implementation, Nirav helps enterprises adopt the right technology to solve complex business challenges. He specialises in AWS infrastructure, Odoo ERP, and web development solutions for businesses across the UK and beyond.