Before you start reading this post, my suggestion would be (provided you have time at hand) to refer to the information related to IAM on the AWS site. These are my running notes that I was able to capture while working on IAM.
From the AWS site: “AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.”
IAM lets you manage access to compute, storage, database and application services in the AWS cloud. IAM uses access control concepts such as users, groups and permissions, which are applied to individual API calls. This allows IAM to determine which user can access which specific service, the kind of action they can perform and which resources are available to them.
In order to log in I typed in https://us-east-1.signin.aws.amazon.com/ and then clicked on the “sign in to console” button in the top right corner. This opened up a new page where I could log in via two options:
- using account ID, username and password, or
- using root user email
The first time I wanted to create my account, I took the “Sign in using root user email” option.
I could create a new AWS account (new root user email) or sign in to an existing root user email.
I created my user following the steps listed at Getting Started.
Once the first user was created, I noted down the account ID, IAM username and password and logged out of my root login.
My next login was using the IAM user that I created in the previous step.
IAM is an interesting concept and AWS has really good resources around that. I think it is worth the time to understand how IAM manages security for anyone who wants to be proficient in managing resources in AWS.
More information at https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html