Identity and Access Management (IAM) is essentially a software-as-a-service solution from AWS that lets you create and manage identity objects and services within AWS. In this chapter, we will discuss how these can be applied to provide fine-grained access control to AWS resources, and how to build authentication services for your applications that either use AWS IAM directly or federate access control for mobile applications with web identity providers and corporate directories. In this section, we will look at best practices for the following:
- Creating Users, Groups, and Roles, and assigning permissions
- Using Multi-Factor Authentication (MFA) for privileged users
- Using IAM roles to share access
- Restricting privileged access with conditions