What are the basic IAM terms in AWS? (Part-1)

There are 6 basic terms in IAM. Let's see the first 3 terms.

1. Principal:-

A principal is a person or application that can make a request for an action or operation on an AWS resource.

  • Your administrative IAM user is your first principal.

  • You can allow users and services to assume a role.

  • IAM users, roles, federated users, and applications are all AWS principals.

  • You can support federated users or programmatic access to allow an application to access your AWS account.

2. Request:-

When a principal tries to use the AWS Management Console, the AWS API, or the AWS CLI, that principal sends a request to AWS. The request includes the following information:

  • Actions

  • Principal

  • Resources

  • Environment Data

  • Resource Data

3. Authentication:-

A principal sending a request must be authenticated (signed in to AWS) to send a request to AWS.

  • Some AWS services, like AWS S3, allow requests from anonymous users; they are exceptions to the rule.

  • To authenticate from the console as a root user, you must sign in with your username and password.

  • To authenticate from the API or CLI, you must provide your access key and secret key.

  • You might also be required to provide additional security information, such as multi-factor authentication (e.g. Google Authenticator).
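
How the access key and secret key authenticate an API request, as an added example that is not from the original page: the access key ID names the principal, and the secret key is never sent but signs the request, following the key-derivation chain of AWS Signature Version 4. The request layout, credential store and key values are constructed for illustration, and the canonical request is simplified compared with real SigV4.

```python
import hashlib
import hmac

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """SigV4 key derivation: the secret is scoped to one day, region and service."""
    k = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, service, "aws4_request"):
        k = _hmac(k, part)
    return k

def sign(secret_key: str, req: dict) -> str:
    """Sign a request. The canonical form here is simplified, not full SigV4."""
    canonical = "\n".join([req["method"], req["host"], req["path"], req["body"]])
    scope = f'{req["date"]}/{req["region"]}/{req["service"]}/aws4_request'
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", req["timestamp"], scope,
        hashlib.sha256(canonical.encode()).hexdigest(),
    ])
    key = signing_key(secret_key, req["date"], req["region"], req["service"])
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def authenticate(credential_store: dict, req: dict) -> bool:
    """Service side: look up the secret by access key ID, recompute the signature."""
    secret = credential_store.get(req["access_key_id"])
    if secret is None:
        return False  # unknown principal
    # Constant-time comparison; a missing signature never matches.
    return hmac.compare_digest(sign(secret, req), req.get("signature", ""))

# Constructed sample data (placeholder credentials, not real keys).
STORE = {"AKIAEXAMPLEKEYID0001": "constructed-secret-key-for-demo"}
REQUEST = {
    "access_key_id": "AKIAEXAMPLEKEYID0001",          # identifies the principal
    "method": "POST", "host": "iam.amazonaws.com", "path": "/",
    "body": "Action=ListUsers&Version=2010-05-08",    # the requested action
    "date": "20240101", "timestamp": "20240101T000000Z",
    "region": "us-east-1", "service": "iam",
}

if __name__ == "__main__":
    signed = dict(REQUEST, signature=sign(STORE[REQUEST["access_key_id"]], REQUEST))
    print("signed request accepted:", authenticate(STORE, signed))
    altered = dict(signed, body="Action=ListRoles&Version=2010-05-08")
    print("altered request accepted:", authenticate(STORE, altered))
```

Because the signature covers the request content, a request changed after signing fails authentication, and an unsigned request or an unknown access key ID is rejected outright.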