IAM
Identity and Access Management
ELI5 — The Vibe Check
IAM is the permission system for AWS. It controls who (users, roles, services) can do what (read S3, start EC2, invoke Lambda) on which resources. Got locked out of your own AWS account? IAM. Lambda can't access your database? IAM. Security breach from over-permissive roles? Also IAM.
Real Talk
AWS IAM is the access control system for AWS. It manages users, groups, roles, and policies. Policies are JSON documents defining allowed/denied actions on resources. IAM roles allow AWS services to assume permissions without embedding credentials. The principle of least privilege should always be applied.
Show Me The Code
// IAM policy — allow S3 read only on a specific bucket
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:ListBucket"],
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
]
}]
}
When You'll Hear This
"Give the Lambda an IAM role with S3 write permissions." / "Never use root credentials — create an IAM user with limited permissions."
Related Terms
AWS (Amazon Web Services)
AWS is like a giant magical warehouse where you can rent computers, storage, databases, and basically anything tech-related — by the minute.
EC2 (Elastic Compute Cloud)
EC2 is AWS's way of renting you a virtual computer in the cloud. You pick how powerful it is, what OS it runs, and pay by the hour.
Lambda
AWS Lambda is where you upload a function and AWS runs it when something happens — an HTTP request, a file upload, a database change.
S3 (Simple Storage Service)
S3 is Amazon's giant file locker in the sky.
Security Group
A security group is a firewall for your cloud resources. You write rules like 'allow port 443 from anywhere' or 'allow port 5432 only from the app servers.
Service Account
A service account is a special non-human account that your app or service uses to authenticate with cloud APIs.