Cloud IAM is a distributed access control framework that governs who (identity) can perform what actions (authorization) on which resources across multi-cloud and hybrid environments. It enforces least privilege, enables centralized policy management, and secures both human and non-human identities through authentication protocols, role assignments, and continuous verification. Modern IAM integrates zero trust principles, treating every access request as potentially hostile until cryptographically verified, and shifts from static permission models to attribute-based and policy-as-code approaches that adapt to context, risk signals, and organizational boundaries. Understanding IAM deeply means recognizing that identity is the new perimeter—protecting resources no longer relies on network boundaries but on proving, granting, and auditing every identity interaction across the software supply chain.
What This Cheat Sheet Covers
This cheat sheet comprises 15 focused tables and 151 indexed concepts. Below is a complete table-by-table outline, from foundational concepts through advanced details.
Table 1: Core IAM Concepts
| Concept | Example | Description |
|---|---|---|
| Identity | User, service account, machine | Entity that requests access; can be a human, application, workload, or device. |
| Principal | arn:aws:iam::123456789012:user/alice | Authenticated identity making a request; mapped to an IAM entity. |
| Authentication | Password + MFA token | Verification that an identity is who it claims to be. |
| Authorization | Allow user to read S3 bucket | Determination of what actions an authenticated identity can perform. |
| Policy | JSON document with Allow/Deny | Formal rules defining permissions; evaluated on every request. |
| Role | ec2-read-only-role | Collection of permissions that can be assumed temporarily. |
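To make the Policy row concrete, here is an added example (not part of the original cheat sheet, and a simplified model rather than a cloud provider's real evaluation engine) that evaluates identity policies the way the table describes: every request is checked, an explicit Deny overrides any Allow, and a request matching no statement is implicitly denied. The principal ARN is the one from the table; the bucket name and policy contents are constructed for the example.

```python
import fnmatch
import json

# Constructed sample: the principal from the table, holding two identity policies
# (an Allow for reading a bucket, plus a narrower Deny on a sensitive prefix).
PRINCIPAL = "arn:aws:iam::123456789012:user/alice"
POLICIES = [
    json.loads("""{
      "Version": "2012-10-17",
      "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}
      ]}"""),
    json.loads("""{
      "Version": "2012-10-17",
      "Statement": [
        {"Effect": "Deny",
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/secret/*"}
      ]}"""),
]

def _as_list(value):
    # Policy fields may be a single string or a list; normalize to a list.
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    # Policy wildcards '*' and '?' (fnmatch is a close stand-in; real IAM also
    # matches action names case-insensitively, which this simplified model skips).
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one request against a principal's policies."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action) and _matches(stmt["Resource"], resource)):
                continue  # statement does not apply to this request
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny wins regardless of any Allow
            allowed = True
    return "Allow" if allowed else "Deny"  # no matching Allow -> implicit deny

if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::example-bucket/public/readme.txt"),
                     ("s3:GetObject", "arn:aws:s3:::example-bucket/secret/key.pem"),
                     ("s3:PutObject", "arn:aws:s3:::example-bucket/public/new.txt")]:
        print(PRINCIPAL, act, res, "->", evaluate(POLICIES, act, res))
```

The third request is denied without any Deny statement matching it, which is the default-deny behaviour that makes least privilege the starting point rather than something to bolt on.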