Related: AWS


AWS Identity and Access Management (IAM) controls who and what can access an AWS account. It is used to create and manage users, user groups, roles and policies, which together give fine-grained control over the access of both people and services.

The root user is the identity tied to the email address used to create the AWS account. It has unrestricted access to every resource in the account and its permissions cannot be reduced with IAM policies. Best practice is not to sign in to the AWS console as the root user: create an IAM user for day-to-day work, enable MFA on the root user, and do not create access keys for it.

User

An IAM user is a single identity with long-term credentials: a console password, access keys, or both. Policies can be attached to a user directly, but the usual pattern is to place users in groups; the user then gains the permissions of every policy attached to the groups it belongs to.

User Group

User groups allow us to bind policies to a set of users, which makes access control easier to manage across an organisation. A user can belong to more than one group. Groups are commonly used to separate users by job function, for example an admin group, a development group and an operations group.

Policy

Policies are JSON documents that define permissions for the identities or resources they are attached to. Identity-based policies are attached to users, groups and roles; resource-based policies (for example an S3 bucket policy, or the trust policy of a role) are attached to the resource itself and name the principals allowed to use it. Evaluation is default deny: a request is allowed only if some applicable statement explicitly allows it and no applicable statement explicitly denies it, and an explicit deny always wins over an allow.

Role

Roles are identities used for delegation: they have no long-term credentials and are assumed instead. A role has two kinds of policy attached: a trust policy, which states which principals may assume it, and one or more permissions policies, which define what the role can do. A user or service that is allowed to assume the role calls STS AssumeRole and receives temporary credentials carrying the permissions defined by the role's policies.
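The evaluation rules from the Policy section and the assumption check from the Role section, worked through in a small Python model. This is an added illustration, not AWS code and not a complete IAM evaluator: it handles Effect, Action, Resource and the Principal element of a trust policy only, and ignores Conditions, NotAction/NotResource, permission boundaries and SCPs. The account IDs, bucket, user and role names are made up.

```python
"""Simplified model of IAM policy evaluation and role assumption (added example,
not AWS code). Covers default deny, explicit Deny beating Allow, '*'/'?'
wildcards in Action and Resource, and the Principal element of a trust policy."""
from fnmatch import fnmatchcase


def as_list(value):
    """Most IAM elements may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def matches(patterns, target, case_sensitive):
    """IAM wildcard match: '*' is any run of characters (including '/'), '?' is one.
    Action names match case-insensitively, resource ARNs case-sensitively."""
    for pattern in as_list(patterns):
        if case_sensitive and fnmatchcase(target, pattern):
            return True
        if not case_sensitive and fnmatchcase(target.lower(), pattern.lower()):
            return True
    return False


def evaluate(policies, action, resource):
    """Evaluate one request against identity-based policies. Returns 'Deny'
    (an explicit deny applied), 'Allow' (an allow applied and no deny) or
    'ImplicitDeny' (no statement applied)."""
    allowed = False
    for doc in policies:
        for stmt in as_list(doc["Statement"]):
            if not matches(stmt.get("Action", []), action, case_sensitive=False):
                continue
            if not matches(stmt.get("Resource", []), resource, case_sensitive=True):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny ends evaluation, whatever else allows
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def principal_matches(pattern, principal_arn):
    """Match one trust-policy Principal entry against the calling principal's ARN."""
    account = principal_arn.split(":")[4]
    # "*", a bare account ID and the account's root ARN all mean "any identity in
    # that account"; the caller's own identity policy must then also allow it.
    if pattern in ("*", account, f"arn:aws:iam::{account}:root"):
        return True
    return pattern == principal_arn  # Principal entries take no partial wildcards


def trust_allows(trust_policy, principal_arn):
    """Does the role's trust policy let principal_arn call sts:AssumeRole?"""
    allowed = False
    for stmt in as_list(trust_policy["Statement"]):
        if not matches(stmt.get("Action", []), "sts:AssumeRole", case_sensitive=False):
            continue
        principal = stmt.get("Principal", {})
        entries = principal if isinstance(principal, str) else principal.get("AWS", [])
        if not any(principal_matches(p, principal_arn) for p in as_list(entries)):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def can_assume(caller_arn, caller_policies, role_arn, trust_policy):
    """Cross-account style check: the caller's identity-based policy must allow
    sts:AssumeRole on the role AND the role's trust policy must allow the caller."""
    identity_ok = evaluate(caller_policies, "sts:AssumeRole", role_arn) == "Allow"
    return identity_ok and trust_allows(trust_policy, caller_arn)


# Constructed sample policies; account IDs, names and ARNs are made up.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Resource": "arn:aws:iam::123456789012:role/ReadOnlyAudit"},
    ],
}
# Attached through a group as a guardrail: an explicit deny no Allow can override.
GUARDRAIL_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Deny", "Action": "s3:*",
                  "Resource": "arn:aws:s3:::app-logs/secrets/*"},
}
ALICE = "arn:aws:iam::123456789012:user/alice"
AUDIT_ROLE = "arn:aws:iam::123456789012:role/ReadOnlyAudit"
AUDIT_ROLE_TRUST = {"Version": "2012-10-17",
                    "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                                  "Principal": {"AWS": ALICE}}}
# A role in another made-up account that trusts every identity in 123456789012.
PARTNER_ROLE = "arn:aws:iam::210987654321:role/Partner"
PARTNER_ROLE_TRUST = {"Version": "2012-10-17",
                      "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                                    "Principal": {"AWS": "arn:aws:iam::123456789012:root"}}}

if __name__ == "__main__":
    policies = [DEVELOPER_POLICY, GUARDRAIL_POLICY]
    for action, resource in [("s3:GetObject", "arn:aws:s3:::app-logs/2024/app.log"),
                             ("s3:GetObject", "arn:aws:s3:::app-logs/secrets/db.key"),
                             ("s3:PutObject", "arn:aws:s3:::app-logs/2024/app.log")]:
        print(f"{action} on {resource}: {evaluate(policies, action, resource)}")
    print("alice -> ReadOnlyAudit:", can_assume(ALICE, policies, AUDIT_ROLE, AUDIT_ROLE_TRUST))
    print("alice -> Partner:", can_assume(ALICE, policies, PARTNER_ROLE, PARTNER_ROLE_TRUST))
```

The Partner case shows why both sides matter: the trust policy admits anyone in the account, but alice's identity policy only allows AssumeRole on ReadOnlyAudit, so the call fails. Within a single account, a trust policy that names the caller's user ARN directly is sufficient on its own; the model above deliberately applies the stricter cross-account rule.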

AWS Authentication Methods

AWS supports several authentication methods. Console sign-in uses a password; MFA can be enabled per user and enforced account- or organisation-wide with policy conditions on aws:MultiFactorAuthPresent. An access key ID and secret access key are long-term credentials used for programmatic access to AWS services, including through the AWS Command Line Interface (CLI). Temporary credentials obtained by assuming a role are preferred where possible, and long-term access keys should be rotated regularly and audited for users that no longer need them.
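A practical check on the root-user and access-key points above: audit the IAM credential report for root access keys, console users without MFA and stale access keys. This is an added example, not AWS tooling. The report below is constructed and trimmed to the columns the check reads (the column names and value conventions are those of the real report), and the 90-day rotation threshold is an assumption.

```python
"""Audit an IAM credential report for root access keys, console users without
MFA and stale access keys (added example, not AWS tooling)."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report (not real data), trimmed to the columns this check
# reads. Column names and conventions follow the real report: true/false flags,
# ISO 8601 timestamps, and N/A or not_supported as placeholders.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,false,true,2020-01-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,true,2024-03-01T12:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,false,true,2022-06-01T12:00:00+00:00,false,N/A
"""

KEY_MAX_AGE = timedelta(days=90)  # assumed rotation policy


def parse_report_time(value):
    """Report timestamps are ISO 8601 with offset; anything else is a placeholder."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now=None):
    """Return a list of (user, finding_code, detail) tuples in report order."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # The root user reports password_enabled as not_supported but can always sign in.
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            findings.append((user, "NO_MFA", "console sign-in possible without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append((user, "ROOT_ACCESS_KEY", f"root user has active access key {n}"))
            rotated = parse_report_time(row[f"access_key_{n}_last_rotated"])
            if rotated is not None and now - rotated > KEY_MAX_AGE:
                age = (now - rotated).days
                findings.append((user, "STALE_KEY", f"access key {n} last rotated {age} days ago"))
    return findings


if __name__ == "__main__":
    for user, code, detail in audit(SAMPLE_REPORT):
        print(f"{user:16} {code:16} {detail}")
```

To run it against a real account, call `aws iam generate-credential-report`, then `aws iam get-credential-report`, base64-decode the Content field and pass the resulting CSV to audit(). Note that ci-deploy is not flagged for missing MFA: with no console password it cannot sign in interactively, so the finding that matters for it is the stale key.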