IAM User
💡 Definition
An IAM User is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. An IAM user consists of a name and credentials.
🔑 Key Concepts
- Long-Term Credentials:
- Password: For accessing the AWS Management Console.
- Access Keys: For accessing AWS via CLI or SDKs.
- Individual Identity: Represents a specific person (e.g., "Alice") or service within your organization.
- No Permissions by Default: A new user has no permissions until policies are attached (directly or via a Group).
⚙️ How it Works
You create a user for each person in your organization who needs AWS access. You provide them with credentials. They log in and perform actions based on the permissions granted to them.
🎯 Use Cases
- Team Members: Creating unique logins for every developer and admin.
- Service Accounts: Creating a user for an on-premises application to upload backups to S3 (though IAM Roles are preferred where possible).
💰 Pricing Model
- Free feature of IAM.
📝 Exam Tips (CLF-C02)
- One user per person (don't share credentials).
- Secure with MFA if they have console access.
- Contrast with Root User (which should not be used daily).