← All glossary categories

AWS IAM

AWS Identity and Access Management: users, groups, roles, policies, permission boundaries, and common AWS IAM misconfigurations.

14 terms in AWS IAM

6 min read

What is AWS IAM?

AWS Identity and Access Management (IAM) controls who can do what on AWS. Learn the core building blocks — users, groups, roles, policies — and key security concepts.

AWS IAMIAM RolesIAM Policies
5 min read

AWS IAM Basics: Users, Groups, Roles, and Policies

AWS IAM revolves around four core building blocks — Users, Groups, Roles, and Policies. Learn what each does and how they work together to control AWS access.

AWS IAMIAM UsersIAM Roles
5 min read

AWS IAM User vs Role: What is the Difference?

IAM Users have long-lived credentials; IAM Roles use temporary credentials anyone allowed can assume. Learn the key differences and when to use which.

AWS IAMIAM UsersIAM Roles
5 min read

What is an AWS IAM Policy?

An AWS IAM Policy is a JSON document that defines permissions in AWS. Learn the policy types, evaluation order, and how to write least-privilege policies.

AWS IAMIAM PolicyPolicy Evaluation
4 min read

What is an AWS Principal?

An AWS Principal is the entity that makes a request to AWS — a user, role, federated identity, or service. Learn the principal types and how they're referenced in policies.

AWS PrincipalAWS IAMFederation
5 min read

What is AWS STS?

AWS Security Token Service (STS) issues temporary, limited-privilege credentials for IAM principals. Learn what it does and how to use it safely.

AWS STSTemporary CredentialsAssumeRole
4 min read

What is AssumeRole in AWS?

AssumeRole is the STS API that lets a principal take on an IAM role's permissions temporarily. Learn how it works and how to secure it.

AssumeRoleAWS STSIAM Roles
4 min read

What is AWS Cross-Account Access?

AWS Cross-Account Access lets principals in one AWS account act in another. Learn the patterns — IAM roles, resource policies, RAM — and how to secure them.

Cross-Account AccessAWS IAMAWS Organizations
4 min read

What is a Permission Boundary in AWS?

An AWS Permission Boundary is a policy that caps the maximum permissions a user or role can ever have, regardless of attached policies. Learn how it enables safe delegation.

Permission BoundaryAWS IAMDelegated Administration
5 min read

What is AWS Root Account Risk?

The AWS root account has unrestricted access to everything. Learn the risks of root account misuse and how to lock it down per AWS best practice.

AWS Root AccountAWS IAMAccount Recovery
4 min read

What is an Over-Permissioned AWS IAM Role?

An over-permissioned AWS IAM role has more permissions than the workload needs — the most common AWS misconfiguration. Learn the patterns and how to fix them.

IAM RoleLeast PrivilegeOver-Permissioning
5 min read

Common AWS IAM Misconfigurations

From wildcard policies to public S3 buckets, learn the most common AWS IAM misconfigurations attackers exploit — and how to detect and fix them.

AWS IAMMisconfigurationsCloud Security
5 min read

AWS IAM Security Best Practices

A consolidated list of AWS IAM security best practices — covering identities, policies, federation, monitoring, and recovery — drawn from AWS guidance and real incident response.

AWS IAMBest PracticesCloud Security
4 min read

AWS IAM Security Checklist for Beginners

A practical beginner-friendly AWS IAM security checklist covering identity, authentication, authorization, multi-account, monitoring, and recovery.

AWS IAMChecklistCloud Security

See your identity risk clearly.

Start with a 1-day Proof of Value in your own environment.

We respect your privacy

We use cookies to keep this site secure and working properly. With your permission, we also use optional cookies to understand usage and improve the experience. Cookie Policy

You can change your choice at any time.

AWS IAM Glossary | Identity Security Terms | Forestall