Code360 powered by Coding Ninjas X Code360 powered by Coding Ninjas X
Table of contents
AWS IAM Workflow
Features of AWS IAM
Components of AWS IAM
What is IAM, and how does IT works?
How do IAM policies work?
What is the difference between Is Azure AD and IAM?
What is the job of an IAM role?
How does IAM work in GCP?
Last Updated: Mar 27, 2024

AWS Identity and Access Management (IAM) Fundamentals

Author Tanay Kumar
0 upvote
Master Python: Predicting weather forecasts
Ashwin Goyal
Product Manager @


Among all security services, Identity and Access Management (IAM) is one of the most widely used Security services in AWS. It enables us to securely control our users' access to AWS services and resources. We can manage and create AWS users and groups. AWS allows us to give access and deny users access to AWS resources. A high level of data security at a lower cost creates AWS more user-friendly.


Before AWS or IAM, passwords were usually conveyed in corporate environments immensely insecurely: over the phone or via email. Usually, only one admin password existed, which was normally held in a fixed location, or there was solely one person who could reset it. We were required to call the person to request the admin password over the phone. That was not protected because anybody could walk by and eavesdrop and then step away with the password and credentials to your system and knowledge.

Today we have a more confident communication tool: a third-party application called Slack hosted on AWS. It allows people to share a document via the application to eradicate eavesdropping.

Now, let's understand the working of IAM.

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job

AWS IAM Workflow

Source: cloudanix

Let us first define the elements of IAM Workflow to understand its working better. 

The IAM workflow has the following six elements:

  1. A principal is an entity that executes actions on an AWS resource. A role, a user, or an application can be a principal.
  2. Actions are used to create, view, delete or edit a resource.
  3. Resources: A list of actions can be performed on a resource related to your AWS account.
  4. Authentication is confirming the principal's identity and trying to authorize an AWS product. For authentication, the principal should provide its required keys or credentials.
  5. Request: A principal sends a request to AWS specifying the action and which resource should perform it.
  6. Authorization: All resources are denied by default. IAM authorizes a request if all parts of the proposal are allowed by a matching policy. After authorizing and authenticating the request, AWS approves the action.

AWS IAM generally performs two tasks:

  1. IAM ensures that the user, software, or hardware is who they say they are by establishing their credentials against a database. IAM cloud identity tools are more assured and easygoing than traditional username and password solutions.
  2. Identity access management techniques grant only the suitable level of access. Rather than a username and password authorizing entrance to a full software suite, IAM permits for slim portions of entry to be portioned out, i.e., editor, viewer, and commenter in a content management system.

Features of AWS IAM

The features of AWS IAM are as follows:

  • Shared access to the AWS account

Users can share the data for the collaborative projects, which allows you to create separate passwords and usernames for individual users or resources and delegate access

  • Granular permissions

It is used to set a license to use a particular service but not other services but denies the user the ability to update information through the policies.

  • Multifactor authentication

An AWS gives multifactor authentication as we must enter the security check code, username, and password to log in to the AWS Management Console.

  • Free to use

AWS IAM is a feature of the AWS account offered at no additional charge. There is no additional charge for creating other users, groups, or policies.

  • Supports PCI DSS Compliance

The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard for organizations authorizing branded credit cards from the major card schemes. IAM accepts this standard.

Components of AWS IAM

There are mainly Four components of IAM:


An IAM user is an identification with an associated credential and its permissions. It can be an actual person who is a user, or it can be an application that is a user. You can securely manage access to AWS with user services by creating an IAM user name for each employee in your organization. 


A group of IAM users is an IAM group. We can utilize it to authorize permissions for multiple users so that any licenses will apply to the group used to the individual users in that group. Managing groups is relatively easy. We can set permissions for the group, which all the users in the group automatically use.


An IAM role defines as that allowed and denied by an entity in the AWS console. It is more similar to a user in that any type of entity can control. Role permissions are temporary credentials. For example, you want to authorize a mobile app to use AWS resources without saving the key, password, or other certificates.


An IAM policy allows controls and permission access to AWS resources. Policies are stored as JSON documents in AWS. Permissions tell who has authorized the resources and what actions they can perform.

For example, AWS customers can also create their own managed policies. It also allows users to manage a single Amazon S3 bucket and denies every other AWS action and resource.

Since you get some idea of the AWS IAM, We will close the article now with faqs.


What is IAM, and how does IT works?

Identity and access management (IAM) provides that the right people and job positions in your organization can access the instruments they need to do their jobs. Identity management and permit systems allow your organization to address employee apps without logging into each app as an administrator.

How do IAM policies work?

IAM policies define permissions for action regardless of your method of operation. For example, suppose an approach allows the GetUser movement. In that case, a user with that policy can get user information from the AWS Management Console, the AWS CLI, or the AWS API.

What is the difference between Is Azure AD and IAM?

According to Microsoft documentation, Azure AD is an identity management service, and IAM is used for access control. Azure AD is responsible for authentication, and Azure IAM is responsible for authorization.

What is the job of an IAM role?

An IAM role is unique to create in your account with detailed approvals. An IAM role is equivalent to an IAM user. Amazon's essence with authorization policies resolves what the identity can and cannot do in Amazon.

How does IAM work in GCP?

IAM lets you grant granular entry to specific Google Cloud resources and helps control access to other resources. IAM allows you to embrace the safety principle of least privilege, which states that nothing should have more authorizations than they need.


In this article, we have extensively discussed AWS IAM, its features, workflow, and various components.

After reading about the AWS IAM, are you not feeling excited to read/explore more articles on the topic of AWS? Don't worry; Coding Ninjas has you covered. To learn, see Important AWS Interview QuestionsAWS EC2 Auto ScalingAWS CloudHSMAWS License Manager, and AWS DeepRacer Part-1.

Refer to our Guided Path on Coding Ninjas Studio to upskill yourself in Data Structures and Algorithms, Competitive Programming, JavaScript, System Design, and many more! If you want to test your competency in coding, you may check out the mock test series and participate in the contests hosted on Coding Ninjas Studio! But if you have just started your learning process and are looking for questions asked by tech giants like Amazon, Microsoft, Uber, etc; you must look at the problems, interview experiences, and interview bundle for placement preparations.

Nevertheless, you may consider our paid courses to give your career an edge over others!

Do upvote our blogs if you find them helpful and engaging!

Happy Learning!

Previous article
Next article
Live masterclass