1. Intro
AWS IAM uses a granular permission model to either allow or deny access to resources within your AWS environment.
There are four main concepts that you need to understand when it comes to AWS IAM:
- Users
- Groups
- Permissions
- Roles


2. Root Account
To protect the AWS account root user, we need to do a few things:
- We need to enable Multi-Factor Authentication (MFA) on the AWS account root user
- We need to avoid using access keys for this root user
- We need to use a strong password to protect access to the AWS Management Console
- We need to create other IAM users that we will use to carry out daily tasks
- Finally, it’s a good idea to configure CloudTrail alerts whenever the root account is used.
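
The root-account checks above, as an added example that is not part of the original notes: it audits the `SummaryMap` returned by `aws iam get-account-summary` for missing MFA and present access keys, and filters CloudTrail records for direct root-user activity. The function names are hypothetical and the sample data is constructed.

```python
# Added example: hypothetical helper names, constructed sample data, runs offline.

def audit_root_summary(summary_map):
    """Check the SummaryMap from `aws iam get-account-summary` for root-user gaps."""
    findings = []
    if summary_map.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device")
    if summary_map.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root user has access keys")
    return findings

def is_root_activity(record):
    """True when a CloudTrail record was caused directly by the root user."""
    identity = record.get("userIdentity", {})
    return (
        identity.get("type") == "Root"
        and "invokedBy" not in identity  # skip calls an AWS service made on root's behalf
        and record.get("eventType") != "AwsServiceEvent"
    )

def root_alerts(records):
    """Return one alert line per root-user event, flagging console logins without MFA."""
    alerts = []
    for r in filter(is_root_activity, records):
        line = f'{r["eventTime"]} root {r["eventName"]} from {r.get("sourceIPAddress", "?")}'
        mfa = r.get("additionalEventData", {}).get("MFAUsed")
        if r["eventName"] == "ConsoleLogin" and mfa != "Yes":
            line += " (no MFA)"
        alerts.append(line)
    return alerts

# Constructed sample data (not from a real account).
SAMPLE_SUMMARY = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1, "Users": 4}
SAMPLE_RECORDS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventName": "ListBuckets",
     "eventType": "AwsApiCall", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventName": "Decrypt", "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root", "invokedBy": "s3.amazonaws.com"}},
]

if __name__ == "__main__":
    print(audit_root_summary(SAMPLE_SUMMARY))
    print(*root_alerts(SAMPLE_RECORDS), sep="\n")
```

The same three conditions in `is_root_activity` can be expressed as a CloudWatch Logs metric filter on the CloudTrail log group to drive the alert.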