IAM users: Used for Human users, such as long term security credentials IAM roles: Used for applications, automated services, they are short term security credentials. For example, a Lambda function wants to access EC2 instance. IAM principal: An identity defines within an AWS account Policies: Policies are permissions- they can be attached to Users, Groups or Roles. AWS authorizes every API call against the IAM policies that apply. Breaking down IAM Policy (JSON files): 'Effect' clause: Describes if an action is allowed or not by setting 'Allow' or 'Deny' 'Action' clause: What all actions on a particular resource can be performed. A wild card (*) indicates all actions, which is very insecure permissions 'Resource' clause: Exact resource ARN. Policies attached to Resources (more granular level IAM policies): Generally IAM polcicies apply to Principal, but in some scenarios, the policies can be attached to individual resources too, such who can
Trying to feel 'Secure' in the world of 'Insecurities' :)
Current Online Users: