Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

5.1. Identity and Access Management

💡 First Principle: In AWS, identity is the security perimeter. What happens when an IAM key is compromised? Without proper least-privilege scoping, one leaked credential can provide unlimited access to all AWS resources in the account. Think of it like a building access card system: unlike a perimeter wall (firewall) that keeps outsiders out, IAM controls what each card-holder can do once inside — and unlike physical cards, IAM policies can be audited, scoped to specific rooms (resources), and revoked instantly. There are no firewalls between you and the AWS API — any entity with valid credentials and sufficient permissions can do anything. This makes IAM the most critical security control in your entire AWS environment. Getting IAM wrong doesn't mean a breach is possible; it means a breach is inevitable.

The shift to cloud fundamentally changed what "perimeter" means. On-premises, you protected a network boundary — if traffic came from inside the corporate network, it was trusted. In AWS, network location is irrelevant. What matters is: who is the caller, what are they allowed to do, and under what conditions? IAM answers all three questions through policies, roles, and conditions.
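To make the three questions concrete, here is a small policy evaluator added as an illustration; it is not MindMesh Academy's code and not AWS's real authorization engine. It models who is calling (the identity the policy is attached to, represented by the policy itself), what they may do (`Action` and `Resource`) and under what conditions (`Condition`), and it follows the documented decision order: an explicit Deny wins, then an explicit Allow, otherwise the request is implicitly denied. Only a subset of IAM is modelled (`*`/`?` wildcards and the `StringEquals`, `Bool` and `IpAddress` operators). The two policies, the bucket ARN, the IP ranges and the `blast_radius` helper are all constructed for this example; `BROAD` stands in for what a leaked key carrying administrator-level permissions amounts to, and `SCOPED` is a least-privilege policy for the same read-only reporting job.

```python
"""Toy IAM policy evaluator (added example, not MindMesh Academy's code and not
AWS's actual engine). Decision order follows AWS's documented logic: explicit
Deny beats everything, then explicit Allow, otherwise implicit deny. Policies,
ARNs, IP ranges and context values below are constructed for illustration."""
import fnmatch
import ipaddress


def _matches(pattern, value, case_insensitive):
    # IAM '*' and '?' wildcards; action names are case-insensitive, ARNs are not.
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _condition_met(condition, ctx):
    """Every operator/key pair must hold; a context key that is absent fails."""
    for op, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                return False
            if op == "StringEquals":
                if actual not in _as_list(expected):
                    return False
            elif op == "Bool":
                if str(actual).lower() != str(expected).lower():
                    return False
            elif op == "IpAddress":
                ip = ipaddress.ip_address(actual)
                if not any(ip in ipaddress.ip_network(c) for c in _as_list(expected)):
                    return False
            else:
                raise ValueError(f"condition operator {op} is not modelled here")
    return True


def evaluate(policy, action, resource, ctx=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one API request."""
    ctx = ctx or {}
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(_matches(a, action, True) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource, False) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_met(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides any matching Allow
        decision = "Allow"
    return decision


# Constructed policies: BROAD is what an over-privileged key amounts to,
# SCOPED is the least-privilege equivalent for a read-only reporting task.
BROAD = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
                   "Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
]}

# Constructed request contexts (documentation IP ranges) and a sample object ARN.
OFFICE = {"aws:SourceIp": "203.0.113.5", "aws:MultiFactorAuthPresent": "true"}
ELSEWHERE = {"aws:SourceIp": "198.51.100.7", "aws:MultiFactorAuthPresent": "true"}
REPORT = "arn:aws:s3:::example-reports/q1.csv"


def blast_radius(policy, requests):
    """Count how many (action, resource, ctx) probes the policy would allow."""
    return sum(evaluate(policy, a, r, c) == "Allow" for a, r, c in requests)


if __name__ == "__main__":
    probes = [("s3:GetObject", REPORT, OFFICE),
              ("s3:GetObject", REPORT, ELSEWHERE),
              ("s3:DeleteObject", REPORT, OFFICE),
              ("iam:CreateUser", "*", OFFICE)]
    for a, r, c in probes:
        print(f"{a:18} broad={evaluate(BROAD, a, r, c):13} scoped={evaluate(SCOPED, a, r, c)}")
    print("probes allowed: broad", blast_radius(BROAD, probes), "scoped", blast_radius(SCOPED, probes))
```

Run as a script, it shows the same four requests decided under each policy: the broad policy allows all of them, including `iam:CreateUser`, which is exactly the "one leaked credential gives everything" failure mode; the scoped policy allows only the MFA-backed read from the expected network, implicitly denies the same read from any other address or without MFA, and explicitly denies deletion even though the bucket resource matches the Allow statement.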

Written by Alvin Varughese, Founder, 15 professional certifications