# Introduction to IAM

In this lesson, you will learn about AWS Identity and Access Management (IAM), a critical service for managing access to AWS resources securely. You will understand how to create users, assign permissions, and recognize the importance of IAM in maintaining security in your AWS environment.

## Learning Objectives
- Understand the basics of IAM.
- Create IAM users and groups.
- Assign permissions using IAM policies.
- Recognize the principle of least privilege.
- Implement IAM roles for applications.

## Why This Matters

IAM is essential for controlling access to AWS resources, ensuring that only authorized users can perform specific actions. Properly managing IAM helps protect your AWS environment from unauthorized access and potential security breaches.

## IAM Basics

IAM allows you to manage access to AWS services and resources securely. It enables you to create users, groups, and roles, and assign permissions to them.

In [None]:
# Example: Creating an IAM User
# This command creates a new IAM user named 'NewUser'.
aws iam create-user --user-name NewUser

### Micro-Exercise 1

What does IAM stand for?

In [None]:
# Starter code for Micro-Exercise 1
# Define IAM acronym
iam_acronym = 'Identity and Access Management'
print(iam_acronym)

## IAM Policies

Policies are documents that define permissions for users and roles. They dictate what actions are allowed or denied on specific resources.

In [None]:
# Example: Defining an IAM Policy
# This JSON policy allows users to list a specific S3 bucket.
policy = '''
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-bucket"
    }
  ]
}'''
print(policy)

### Micro-Exercise 2

List at least three components of IAM.

In [None]:
# Starter code for Micro-Exercise 2
# List IAM components
iam_components = ['Users', 'Groups', 'Roles']
print(iam_components)

## Examples

### Example 1: Creating an IAM User
This example demonstrates how to create an IAM user and assign it to a group with specific permissions.
```bash
aws iam create-user --user-name NewUser
aws iam create-group --group-name NewGroup
aws iam add-user-to-group --user-name NewUser --group-name NewGroup
```

### Example 2: Defining an IAM Policy
This example shows how to create a policy that allows users to access specific S3 buckets.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-bucket"
    }
  ]
}
```

## Main Exercise
In this exercise, you will create multiple IAM users, assign them to groups, and apply policies to control their access to AWS resources.

### Steps:
1. Create IAM users with unique names.
2. Create groups and assign users to these groups.
3. Define and attach policies to the groups to control access.

In [None]:
# Code to create IAM users and assign policies
# Replace 'User1', 'User2' with desired usernames
users = ['User1', 'User2']
for user in users:
    print(f'Creating IAM user: {user}')
    # aws iam create-user --user-name user
    # aws iam add-user-to-group --user-name user --group-name NewGroup

## Common Mistakes
- Not following the principle of least privilege, which can lead to excessive permissions and potential security risks.

## Recap
In this lesson, you learned about IAM and its importance in managing access to AWS resources. You explored IAM basics, policies, and completed hands-on exercises. In the next lesson, we will dive deeper into IAM roles and their applications.