Understanding Identity and Access Management (IAM) 

IAM is probably going to be one of the very first security services that you will use when setting up an AWS account. It contains the details and credentials of your root user account, which was set up during the creation of your account and also has full admin privileges to your entire AWS account by default. The power and privilege of this root user make it vulnerable as a credential compromise would put your entire AWS account and all of its resources at risk.

Due to this risk, it’s best practice to not use this account for daily administration and operations. Instead, you should create another user account with relevant privileges, enabling you to control your resources within your account. It’s also against best practice to configure access keys for the root account; limiting access methods for this user is essential due to the unlimited permissions that it has. To understand the use cases for access keys, we will explore them in detail in this chapter. You should definitely configure MFA for the root user, as it provides an additional step for authenticating to your AWS account in addition to the password. Again, we will be looking into MFA in great detail later in the chapter.

Now we have highlighted the security privileges of a root account, and why it is important for us to keep it secure, let's look at users, groups, and roles to help us configure and implement accounts that we can use for daily operational tasks.