IAM
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization).
Configurable AWS access controls:
- Grant access to AWS Management console, APIs
- Create individual users
- Manage permissions with groups
- Configure a strong password policy
- Enable Multi-Factor Authentication for privileged users
- Use IAM roles for EC2 instances
- Use IAM roles to share access
- Rotate security credentials regularly
- Restrict privileged access further with conditions
- Use your corporate directory system or a third party authentication
