=====
IAM
=====

=> IAM stands for Identity and Access Management
=> It is used to manage users, groups, policies and roles
=> IAM is a free service
=> In the AWS cloud platform we have 2 types of accounts

1) Root Account
2) IAM Account

Note: When we sign up in AWS, that account is considered the root account by default.

=> The root account is a very powerful account with no restrictions.
=> If we log in with root user credentials, then we can access everything in the AWS cloud.

Note-1 : We shouldn't use the root account for day-to-day activities in the project.
Note-2 : We shouldn't share root account credentials with anyone.
Note-3 : The company will not provide root account credentials to team members.
Note-4 : It is recommended to enable MFA for the root account.

MFA : Multi Factor Authentication

===================================
Multi Factor Authentication (MFA)
===================================

-> It is used to provide additional security for the root account.
-> Enable MFA for the root account using the Google Authenticator app.

Step-1 : Download the Google Authenticator app on your mobile
Step-2 : Scan the QR code in MFA
Step-3 : To register our device, add two consecutive MFA codes.
Step-4 : Log out, log in to the root account again and check the behaviour.

============
IAM Account
============

=> For team members, IAM accounts will be created with limited access.
=> For daily activities in the AWS cloud, we should use an IAM account only.
=> For an IAM user we can provide the below types of access

1) Console Access (web login) - uname & pwd
2) Programmatic Access - AccessKey and SecretAccessKey

1) Create an IAM account and attach policies (RDSFullAccess, S3FullAccess)
2) Log in to the IAM account and check the EC2 service (can't access because no permission)
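
Added example (not part of the original notes): a small Python model of why the EC2 check in step 2 fails. The policy documents are constructed, simplified stand-ins for the two attached policies, and the evaluator is a sketch that handles only Allow/Deny statements with Action and Resource (no conditions, permission boundaries or organization-level policies).

```python
from fnmatch import fnmatchcase

# Constructed, simplified stand-ins for the two policies attached in step 1
# (not the exact AWS managed policy documents).
S3_FULL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
RDS_FULL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["rds:*"], "Resource": "*"}]}
# Hypothetical guardrail policy, used to show that an explicit Deny wins.
DENY_BUCKET_DELETE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}


def _as_list(value):
    # IAM allows a single string or object where a list is expected.
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, ignore_case=False):
    # '*' and '?' are wildcards; action names compare case-insensitively.
    patterns = _as_list(patterns)
    if ignore_case:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatchcase(value, p) for p in patterns)


def evaluate(policies, action, resource="*"):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt["Action"], action, ignore_case=True):
                continue
            if not _matches(stmt.get("Resource", "*"), resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicitDeny"  # a matching Deny always overrides Allow
            allowed = True
    # No matching Allow means the request is denied by default.
    return "allowed" if allowed else "implicitDeny"


if __name__ == "__main__":
    attached = [S3_FULL, RDS_FULL]  # what the IAM user has after step 1
    for act in ("s3:ListBucket", "rds:DescribeDBInstances", "ec2:DescribeInstances"):
        print(f"{act:28} -> {evaluate(attached, act)}")
    print(evaluate(attached + [DENY_BUCKET_DELETE], "s3:DeleteBucket"))
```

The EC2 request comes back as implicitDeny: nothing forbids it, but no attached statement allows it, which is the default for every IAM user until a policy grants access.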