🔑 What is an IAM User?
An IAM user is an entity you create in AWS IAM to represent a person or an application.
Each IAM user has:
A name
Optional programmatic access (via access keys for CLI, SDK, or API use)
Optional console access (username/password to log into AWS Management Console)
Permissions (assigned via policies)
✅ When to Use IAM Users
When individuals need long-term access to your AWS account.
When an application (running outside AWS) needs programmatic access to AWS services.
Best for fine-grained access control for each user.
🛡️ Best Practices
Use IAM roles for applications running in AWS, and only use users when roles won’t work.
Apply the principle of least privilege – give users only the permissions they absolutely need.
Use groups to manage permissions more easily.
Enable MFA (Multi-Factor Authentication) for extra security.
Rotate access keys regularly if they’re being used.
🧱 Example Use Case
Let’s say you have a team of developers. You can:
Create an IAM user for each developer.
Add them to a "Developers" IAM group.
Attach a policy to the group like AmazonEC2ReadOnlyAccess.
🧾 Example JSON Policy
Here's a simple policy that gives read-only access to S3:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    }
  ]
}
```
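To turn the least-privilege advice above into a repeatable check, here is an added Python linter (not from the original page) that flags service-wide wildcard actions, write actions, and a `Resource` of `"*"` in a policy document; it embeds the policy above as sample input alongside a constructed bucket-scoped variant (the bucket name is a placeholder).

```python
import json

# Sample input: the read-only S3 policy shown above, as a JSON string.
READ_ONLY_S3_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:Get*", "s3:List*"],
                   "Resource": "*"}],
})

# Constructed tightened variant: same read-only intent, scoped to one bucket.
# "example-bucket" is a placeholder, not a real resource.
SCOPED_S3_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": ["arn:aws:s3:::example-bucket",
                                "arn:aws:s3:::example-bucket/*"]}],
})

# Action verb prefixes that only read state; anything else is treated as a write.
READ_ONLY_VERB_PREFIXES = ("Get", "List", "Describe")


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(document: str) -> list:
    """Return human-readable least-privilege findings for an IAM policy JSON."""
    findings = []
    statements = _as_list(json.loads(document).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access, never widen it
        for action in _as_list(stmt.get("Action", [])):
            service, _, verb = action.partition(":")
            if verb in ("", "*"):  # "*" or "service:*"
                findings.append(f"statement {index}: '{action}' grants every action")
            elif not verb.startswith(READ_ONLY_VERB_PREFIXES):
                findings.append(f"statement {index}: '{action}' is a write action")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {index}: Resource '*' applies to all "
                            f"resources; scope it to specific ARNs")
    return findings


if __name__ == "__main__":
    for name, doc in (("page policy", READ_ONLY_S3_POLICY), ("scoped", SCOPED_S3_POLICY)):
        print(name, "->", lint_policy(doc) or "no findings")
```

Run against the page's policy it reports only the unscoped `Resource`, which is exactly what narrowing to the developers' bucket ARNs removes.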