AWS IAM part 1 link → https://medium.com/@aakib2991/aws-i-am-part-1-6499e2e34877
There are mainly 6 terms and points you need to remember as an IAM user →
1. Principal → The person or application that is requesting some action. Your first IAM user is your first principal.
Who can be the principal →
A. IAM user
B. Roles …
C. Federated user
D. Application
2. Requests → When a principal uses the AWS Management Console, the AWS API, or the AWS CLI, the principal sends a request to AWS. The request includes information such as what you want to do (for example, create or use an EC2 instance), your IP, your permissions, and where to create or use a bucket.
3. Action → The action performed on the request generated by the principal.
For example → the action is performed on the resource requested by the principal. The request also includes the principal's information and the environment from which the request was made.
4. Authentication → You need to be an authenticated user to perform any action on a request made by the principal, and you need to give the correct ID and password to log in.
A. But an S3 bucket can be accessed by an anonymous user without logging in.
C. If you are a root user, enter your ID and password.
D. To authenticate from the API or CLI, you must provide your "access key" and "secret key".
5. Authorization → You can only access the resources that the policies allow.
A. → IAM policies are stored in IAM as JSON documents and specify the permissions that are allowed or denied.
B. → Policies are of two types.
1. User-based policies → these limit the user.
2. Resource-based policies → these limit the account.
The root user has all permissions and access to your account.
C. → IAM checks each policy and then grants access if it matches.
6. Resources → The resource is what the action is performed on, as requested by the principal, such as an EC2 instance, an S3 bucket, etc.