<h3 id="heading-iam">IAM</h3>
<ul>
<li>Identity and Access Management</li>
</ul>
<ul>
<li>Fine Grained Permissions</li>
</ul>
<ul>
<li>Groups, Users , Roles , Policies , Orgs, SCPs</li>
</ul>
<h3 id="heading-why-not-users">Why not Users?</h3>
Roles and user are both identities with permission policies but roles have the flexibility to be assumed by anyone and do not have any access keys associated with them.
•Long term credentials exposure risk
•Extra code for rotation of credentials
•Extra configuration e.g MFA for additional security
<h3 id="heading-iam-roles">IAM Roles</h3>
•As always least privilege
•Permission boundary
•Add assume role functionality
•Access Analyzer** 
IAM Roles Anywhere 
Gives the ability to authenticate and obtain temporary credentials in IAM for workloads running outside of AWS by reusing existing IAM policies and roles **
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1709540890731/b441dc2c-cb6c-42d5-86ee-17bf6f8bff5f.png" alt class="image--center mx-auto" />
 SETUP
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1709541058055/9c896517-fa8c-486d-ac3a-1f64f5fe8dee.png" alt class="image--center mx-auto" />

### **IAM**

* **Identity and Access Management**
    

* **Fine Grained Permissions**
    

* **Groups, Users , Roles , Policies , Orgs, SCPs**
    

### **Why not Users?**

**Roles and user are both identities with permission policies but roles have the flexibility to be assumed by anyone and do not have any access keys associated with them.**

•**Long term credentials exposure risk**

•**Extra code for rotation of credentials**

•**Extra configuration e.g MFA for additional security**

### **IAM Roles**

•As always least privilege

•Permission boundary

•Add assume role functionality

•Access Analyzer**  
  
IAM Roles Anywhere  
  
Gives the ability to authenticate and obtain temporary credentials in IAM for workloads running outside of AWS by reusing existing IAM policies and roles  
**

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709540890731/b441dc2c-cb6c-42d5-86ee-17bf6f8bff5f.png align="center")

**  
SETUP**

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1709541058055/9c896517-fa8c-486d-ac3a-1f64f5fe8dee.png align="center")

AWS IAM Evolution

Table of contents

IAM

Why not Users?

IAM Roles