Identity and Access Management (IAM) is a cloud security system that controls who can access cloud resources and what actions they are allowed to perform. It ensures that only authorized users, services, and applications can use cloud services.
Core components:
- Identity: represents a user or service that needs access.
- Authentication: verifies identity using:
- Authorization: defines what actions an identity can perform using:
- Policies: rules that define access permissions in JSON or role format.
Example scenario: a company wants a developer to access only EC2 virtual machines but not databases.

User: developer1
Policy: Allow EC2 access only
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ec2:StartInstances",
            "ec2:StopInstances",
            "ec2:DescribeInstances"
          ],
          "Resource": "*"
        }
      ]
    }
Role: EC2-Developer-Role

Steps:
1. Attach the EC2 policy to this role.
2. Attach EC2-Developer-Role to user developer1.
3. Enable MFA for developer1 to increase security.
Result:
- developer1 can start and stop EC2 instances
- developer1 cannot access databases (RDS)
- Any unauthorized action is automatically blocked
Benefits:
- Secure and controlled cloud access
- Clear separation of responsibilities
- Reduced risk of data breaches
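To show why developer1 is blocked from RDS even though no statement mentions RDS, here is an added example (not from the original page or from AWS) that models the IAM decision order, explicit Deny first, then Allow, otherwise implicit deny, against the scenario's policy. The DENY_STOP_POLICY, the instance ARN and the account id are constructed for the example; the model assumes identity-based policies only, with no Condition blocks, permission boundaries or service control policies.

```python
import fnmatch
import json

# The scenario's policy for developer1, copied from the page above.
EC2_DEVELOPER_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:DescribeInstances"],
    "Resource": "*"
  }]
}""")

# Constructed for this example: an explicit Deny a security team might add.
DENY_STOP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "ec2:StopInstances", "Resource": "*"}],
}

def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def _matches(value, patterns):
    # IAM wildcards are "*" and "?", and action names are case-insensitive;
    # fnmatch is a close enough approximation for this model.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)

def evaluate(policies, action, resource):
    """Simplified IAM decision (assumption: identity-based policies only):
    any matching explicit Deny wins, otherwise a matching Allow is required,
    otherwise the request is implicitly denied."""
    decision = "implicit-deny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(action, _as_list(stmt.get("Action", []))):
                continue
            if not _matches(resource, _as_list(stmt.get("Resource", []))):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit-deny"  # one Deny overrides every Allow
            decision = "allow"
    return decision

if __name__ == "__main__":
    inst = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc123"  # constructed
    print(evaluate([EC2_DEVELOPER_POLICY], "ec2:StartInstances", inst))          # allow
    print(evaluate([EC2_DEVELOPER_POLICY], "rds:DescribeDBInstances", "*"))       # implicit-deny
    print(evaluate([EC2_DEVELOPER_POLICY, DENY_STOP_POLICY], "ec2:StopInstances", inst))  # explicit-deny
```

Because the page's policy uses "Resource": "*", the model grants the three EC2 actions on every instance in the account; narrowing that to specific instance ARNs is the usual least-privilege refinement.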
IAM is the backbone of cloud security. It ensures that:
- Only trusted identities access cloud resources
- Users can only perform permitted actions
- Cloud environments remain secure, compliant, and well-managed