AWS IAM and Mindflow have partnered to enable users to automate their incident management and better protect their information systems.
AWS Identity and Access Management (AWS IAM) is a service that helps you control access to your AWS resources. With it, you control who is authenticated and authorized to use resources.
When you first access AWS, you create an AWS account root user identity with an email address and password. You use this root user identity to sign in to AWS, including the AWS Management Console. When you use your root user credentials, you have complete and unrestricted access to all resources in your AWS account.
The “identity” aspect of AWS IAM helps you with the question “Who is that user?” (authentication). Instead of sharing your root user credentials with others, you can create individual IAM users within your account that correspond to users in your organization.
IAM users are not separate accounts; they are users within your account. Each user can have their own password for access to the AWS Management Console.
The access management (authorization) portion of AWS Identity and Access Management (IAM) helps you define what a principal entity is allowed to do in an account. A principal entity is a person or application that is authenticated using an IAM entity (user or role).
You manage access in AWS by creating policies (to define permissions) and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. AWS evaluates these policies when a principal uses an IAM entity (user or role) to make a request. Permissions in the policies determine whether the request is allowed or denied.
Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on attributes. In AWS, these attributes are called tags. You can attach tags to IAM resources, including IAM entities (users or roles), and to AWS resources. You can create a single ABAC policy or a small set of policies for your IAM principals.
These ABAC policies can be designed to allow operations when the principal’s tag matches the resource tag. ABAC is helpful in environments that are growing rapidly and helps with situations where policy management becomes cumbersome.
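The tag-matching rule described above, as an added example that is not from the original page or from AWS or Mindflow. It defines an ABAC identity policy and runs it through a deliberately simplified evaluator (not AWS's full evaluation logic); the `project` tag key, the two EC2 actions and the sample tag values are assumptions made for illustration.

```python
import json
import re

# ABAC policy: start/stop EC2 instances only when the instance's "project" tag
# equals the caller's "project" tag. The tag key and actions are assumptions
# chosen for this example.
ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:StartInstances", "ec2:StopInstances"],
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }},
    }],
}

# Matches a value that is exactly one principal-tag policy variable.
VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")


def is_allowed(policy, action, principal_tags, resource_tags):
    """Simplified model of evaluating this one policy shape.

    Handles only Allow statements with StringEquals on aws:ResourceTag/<key>.
    Anything not explicitly allowed is denied (implicit deny).
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        matched = True
        for cond_key, expected in stmt["Condition"]["StringEquals"].items():
            tag_key = cond_key.split("/", 1)[1]
            m = VAR.fullmatch(expected)
            # A variable that cannot be resolved (principal lacks the tag)
            # never matches, so two untagged parties do not "match" each other.
            want = principal_tags.get(m.group(1)) if m else expected
            have = resource_tags.get(tag_key)
            if want is None or have is None or want != have:
                matched = False
        if matched:
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(ABAC_POLICY, indent=2))
    caller = {"project": "blue"}  # constructed principal tags
    print(is_allowed(ABAC_POLICY, "ec2:StopInstances", caller, {"project": "blue"}))
    print(is_allowed(ABAC_POLICY, "ec2:StopInstances", caller, {"project": "red"}))
```

Because the policy compares tags instead of naming resources, onboarding a new project means tagging its principals and instances, with no policy change.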