AWS → IAM Part 2

Aakib
Jan 3, 2023

AWS IAM Part 1 link → https://medium.com/@aakib2991/aws-i-am-part-1-6499e2e34877

There are mainly 6 terms you need to remember as an IAM user →

1. Principal → A person who is requesting some action. Your first IAM user is your first principal.

Who can be the principal →

A. IAM user

B. Roles …

C. Federated user

D. Application

2. Requests → When a principal uses the AWS Management Console, the AWS API, or the AWS CLI, the principal sends a request to AWS. The request includes information such as the action to perform (for example, creating or using an EC2 instance), your IP address, your permissions, and the resource involved (for example, which bucket to create or use).

3. Action → The operation performed in response to the request generated by the principal.

For example → the action is performed on the resource the principal asked for.

The request also includes information about the principal and the environment from which the request was made.

4. Authentication → You need to be an authenticated user to perform any action requested by the principal, and you need to give the correct ID and password to log in.

A. However, an S3 bucket can be accessed by an anonymous user without logging in.

C. If you are the root user, enter your ID and password.

D. To authenticate from the API or CLI, you must provide your "access key" and "secret key".

5. Authorization → You can access only the resources that the policies allow.

A. → IAM policies are stored in IAM as JSON documents and specify the permissions that are allowed or denied.

B. → There are two types of policies.

1. User-based policies → These limit the user.

2. Resource-based policies → These limit the account.

The root user has all permissions and full access to your account.

C. → IAM checks each policy and then gives access if a policy matches.

6. Resources → The resources on which the action requested by the principal is performed, such as an EC2 instance, an S3 bucket, etc.
