AWS provides two types of user →
- ROOT user
- IAM user
The ROOT user is the one who created the AWS account and has all permissions. If the account owner wants an employee to have limited permissions, they create an IAM user account for that employee. This is the basic difference you must know.
Functions of ROOT user →
- If the root user is deleted, you will not be able to back up the account.
- It is recommended not to give the ROOT account to anyone.
- The account you give to your users is an IAM account with limited permissions.
- You can create and block IAM accounts from the root account, or create an IAM user for deleting and blocking IAM accounts.
- You first sign in with your ID and password to gain full access.
- Use other IAM users to manage the administrative tasks of your account, securely lock away the root user credentials, and use them to perform only a few account and service management tasks.
LIMITATIONS OF IAM
- You can create 5000 users per AWS account. You can add 10 users at one time.
- You can create only 300 groups per AWS account.
- You are limited to 1000 IAM roles per AWS account.
- The default limit of managed policies attached to an IAM role or an IAM user is 10. You can increase the default limit by sending a request to AWS.
- One IAM user can be a member of 10 groups.
- We can assign 2 access keys to an IAM user → 1. Access key 2. Secret key
FUNCTIONS OF IAM
- Shared access to your AWS account → You can share access to your AWS account through IAM accounts with limited permissions.
- Granular permissions → Give permissions according to the level of your employee, such as read-only EC2, full EC2 permission, S3 bucket creation, VPC creation, etc.
- MFA (multi-factor authentication) → Provides two levels of security, using Google Authenticator.
That is all for Part 1. We will look at IAM terms in detail in IAM Part 2.