WHAT IS A USER, GROUP, ROLE AND POLICY IN AWS IAM?

USER: In AWS, a user is an entity created by the root account or an admin. A user account is then assigned to a person/employee or an application/resource to perform a specific task in AWS, e.g. creating a user account to manage S3 storage services.

GROUPS: Groups are collections of users with the same type of permissions. With the help of groups it is easy to manage users and their permissions. We can categorize our users on the basis of their permissions.

For example, with an Administrator group we can allow users who need access to all services within the AWS account, while an S3 Admin group has only the permissions to manage S3 buckets.


ROLES: Roles are a secure way to provide access to any entity in AWS. When we create a role we define some permissions in it, and then we assign that role to a user, resource, service or another AWS account to allow it to perform a specific task. We use roles where we don't want to assign permanent permissions to a user or an AWS service/resource.

For example, we create a role with S3 admin permissions and assign it to an EC2 machine so that an application on it can automatically copy or save data to an S3 bucket; it does not require a user's permissions every time it copies that data to S3.

There are four types of trusted entities available in AWS:

1: AWS services
2: Another AWS account
3: Web Identity
4: SAML Federation

POLICIES: Policies are permission documents that we define and assign to users/groups/roles to state what they are allowed or not allowed to do. Policies are written in JSON and are called policy documents.
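
An added example, not part of the original post: the trusted entity of a role is recorded in the role's trust policy, which is itself a JSON policy document. The Python below reads a trust policy and reports which of the four trusted entity types listed above it allows, plus a wildcard principal, which is worth flagging in a review. The sample policies, the account ID 111122223333 and the provider name ExampleIdP are constructed placeholders.

```python
import json

# Federated principals are told apart by the STS action the policy allows.
FEDERATED_ACTIONS = {
    "sts:AssumeRoleWithWebIdentity": "Web Identity",
    "sts:AssumeRoleWithSAML": "SAML Federation",
}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and principals."""
    return value if isinstance(value, list) else [value]

def trusted_entities(trust_policy_json):
    """Return the sorted trusted entity types allowed by a role trust policy."""
    found = set()
    for stmt in as_list(json.loads(trust_policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or "*" in as_list(principal.get("AWS", [])):
            found.add("WILDCARD: any principal")
            continue
        if "Service" in principal:
            found.add("AWS service")
        if "AWS" in principal:  # account ID, or ARN of an account root, user or role
            found.add("Another AWS account")
        if "Federated" in principal:
            for action in as_list(stmt.get("Action", [])):
                if action in FEDERATED_ACTIONS:
                    found.add(FEDERATED_ACTIONS[action])
    return sorted(found)

# Constructed sample: trust policy for the EC2 role described in the post.
EC2_ROLE_TRUST = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]})

# Constructed sample: one role trusted by an account and by a SAML provider.
MIXED_TRUST = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"Federated": "arn:aws:iam::111122223333:saml-provider/ExampleIdP"},
     "Action": "sts:AssumeRoleWithSAML"}]})

if __name__ == "__main__":
    print(trusted_entities(EC2_ROLE_TRUST))
    print(trusted_entities(MIXED_TRUST))
```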
