The-Ramadhan

IAM Terms

Principal

A principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests. Principals can perform actions and access resources within the AWS environment.

IAM principals include:

  • Human users
    • Developers, administrators, etc.
  • Federated users
    • Users authenticated by an external identity provider (IdP), who then act through an IAM role
  • Assumed roles
    • A user or workload that has assumed an IAM role and is acting with that role's temporary credentials
  • Workloads
    • Applications, tools, processes, etc.

IAM gives a principal either temporary credentials (an assumed IAM role, issued through AWS STS and valid only for a limited session) or long-term credentials (the root user's and an IAM user's password and access keys) to make requests within the AWS account. Prefer roles where possible: a leaked long-term access key stays valid until someone rotates or deletes it, whereas a leaked session credential expires on its own.

Resource

An IAM resource is an object that is stored in and managed through IAM. It can be added, edited, and deleted in IAM.

IAM resources include:

  • IAM User
  • IAM Role
  • IAM Group
  • Policy
  • Identity provider (SAML or OIDC)

Entity

An IAM entity is an IAM resource that AWS uses for authentication. Entities are the IAM resources that can be named as the Principal in a resource-based policy (for example, a user or role ARN in an S3 bucket policy); an IAM group cannot be, because a group is never authenticated.

IAM entities include:

  • IAM User
  • IAM Role

Identity

An IAM identity is an IAM resource that is the subject of authorization: it is what an identity-based policy is attached to, and that policy decides which actions the principal may perform and which resources it may access. An IAM identity can have an inline policy or a managed policy attached to it. IAM groups are identities but not entities: a group can hold policies that its member users inherit, but it cannot sign in or be named as a principal.

IAM identities include:

  • IAM User
  • IAM Role
  • IAM Group
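
As an added illustration of the two points above, the credential lifetimes of the different principals and the entity/identity distinction, the following Python lints a constructed S3 bucket policy. This is example code written for these notes, not AWS's own tooling: it classifies every value in each statement's Principal element, reports whether that principal acts with long-term or temporary credentials, flags a group ARN (an identity that is not an entity, which AWS rejects with an invalid-principal error when the policy is put), and flags a wildcard principal on an Allow statement. The account ID, bucket name and principal names are placeholders.

```python
import json
import re

# Constructed sample bucket policy for this example (not from the original
# page). The account ID, bucket and principal names are placeholders.
SAMPLE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowDeployRole",
            "Effect": "Allow",
            "Principal": {"AWS": [
                "arn:aws:iam::123456789012:role/DeployRole",
                "arn:aws:iam::123456789012:user/alice",
                "arn:aws:sts::123456789012:assumed-role/DeployRole/ci-session",
            ]},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "BrokenGroupPrincipal",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:group/Developers"},
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::example-bucket",
        },
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/public/*",
        },
    ],
})

ARN_RE = re.compile(r"^arn:aws:(iam|sts)::(\d{12}):(.+)$")


def classify_principal(value):
    """Map a Principal string to (kind, credential_lifetime).

    kind is root/user/role/assumed-role/group/anonymous/unknown; the
    lifetime records whether that principal acts with long-term credentials
    (password, access keys) or temporary STS session credentials.
    """
    if value == "*":
        return ("anonymous", "none")
    if re.fullmatch(r"\d{12}", value):      # bare account ID means the account root
        return ("root", "long-term")
    m = ARN_RE.match(value)
    if not m:
        return ("unknown", "unknown")
    service, _account, path = m.groups()
    if service == "iam":
        if path == "root":
            return ("root", "long-term")
        if path.startswith("user/"):
            return ("user", "long-term")
        if path.startswith("role/"):
            return ("role", "temporary")
        if path.startswith("group/"):
            return ("group", "none")        # groups are never authenticated
    elif service == "sts" and path.startswith("assumed-role/"):
        return ("assumed-role", "temporary")
    return ("unknown", "unknown")


def principals_in(statement):
    """Flatten the Principal element into a list of strings.

    Only the "AWS" key is returned: "Service" and "Federated" principals are
    not IAM entities, so the entity check below does not apply to them.
    """
    principal = statement.get("Principal")
    if principal is None:
        return []
    if isinstance(principal, str):
        return [principal]
    aws = principal.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)


def lint_resource_policy(policy_json):
    """Return (Sid, principal, reason) for each principal that should not be there."""
    policy = json.loads(policy_json)
    statements = policy["Statement"]
    if isinstance(statements, dict):         # a single statement may be given bare
        statements = [statements]
    findings = []
    for stmt in statements:
        for value in principals_in(stmt):
            kind, _lifetime = classify_principal(value)
            if kind == "group":
                findings.append((stmt.get("Sid"), value,
                                 "IAM group is an identity, not an entity; it cannot be a Principal"))
            elif kind == "anonymous" and stmt.get("Effect") == "Allow":
                findings.append((stmt.get("Sid"), value,
                                 "anonymous principal: this statement grants public access"))
            elif kind == "unknown":
                findings.append((stmt.get("Sid"), value, "unrecognised principal format"))
    return findings


if __name__ == "__main__":
    for sid, value, reason in lint_resource_policy(SAMPLE_BUCKET_POLICY):
        print(f"{sid}: {value}: {reason}")
```

Run against the constructed policy, the first statement produces no findings (a role, a user and an assumed-role session are all entities), the second is flagged because a group can only carry an identity-based policy, and the third is flagged as public. Attaching a policy to the Developers group instead of naming it in the bucket policy is the correct way to grant the members access.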