• IAM = Identity and Access Management
• Root user = user used to create the AWS account. Has full admin rights. New users have no rights until granted access to AWS services.
• User that only needs access to EC2 instances would only be granted those permissions.
• AWS Best Practices: Delete your root access keys, Activate MFA on your root account, Create individual IAM users, Use groups to assign permissions, Apply an IAM password policy.
• Never use your root account for day to day use.
• If you want full admin access, create an IAM user and attach the AdministratorAccess policy to it.
• Use this account as your daily account now.

IAM Users, Groups, Roles, and Policies

• IAM users are users granted access to an AWS account
• Roles = AWS services that have access to other aws services i.e. EC2 instance has access to S3 buckets
• IAM group = collection of IAM users. Can add permissions to group and all users in group will inherit those permissions.
• Best practice to have a password policy that dictates format and renewal rules.
• If user belongs to multiple groups, and any one of those groups has a policy that has a “Deny” effect, the deny will always overwrite the “Allow”.