An interactive visual simulator for learning AWS IAM (Identity and Access Management). No AWS account required.
learnawsiam.com — try it live, no setup required
A visual interactive learning simulator for AWS IAM aimed at developers and anyone working with AWS. Inspired by learn-git-branching, it presents real-world access management scenarios that you solve using IAM.
You write real IAM policies, attach them to users, groups, roles, and other resources, and see the effects of your changes in real time. The goal is to provide an intuitive, practical learning experience that helps you master the core principles of AWS IAM.
- 12 progressive levels: From basic IAM concepts to multi-account access and complex real-world scenarios
- Visual canvas: Everything is represented as nodes and edges on an interactive canvas
- Integrated policy editor: Write real JSON policies and see real-time feedback as you type
- Guided tutorials: Each level walks you through the concepts before you solve it
- Runs entirely in the browser: all IAM simulation logic is client-side. No AWS credentials or infrastructure required. The only backend is a small stats tracker
| Levels | Topic |
|---|---|
| 1–4 | Introduction to IAM basics, users, groups, and identity policies |
| 5–7 | Using IAM roles, cross-account access, and resource-based policies |
| 8–10 | Writing complex policies with tag-based access control through the use of conditions |
| 11–12 | Utilizing IAM guardrails, e.g., SCP and permission boundaries |
- React + TypeScript - The core UI library and language for the frontend
- XState - State management for complex level logic and the IAM simulation engine
- ReactFlow - Interactive graph visualization for the canvas and node-based UI
- CodeMirror - Used for the integrated policy editor with real-time feedback
- Chakra UI - Component library for pretty much every UI element you see
For detailed architecture, see ARCHITECTURE.md
The site at learnawsiam.com serves the same static build — all the logic runs in your browser, no server-side processing. To run it yourself:
Prerequisites: Docker
```bash
git clone git@github.com:laythra/learn-aws-iam.git
cd learn-aws-iam
make run-dev
```

Contributions are welcome. If you're interested in contributing in any form (bug fixes, docs, new levels), please open an issue or fork the repo and submit a pull request. For major changes (like adding a new level or changing the core mechanics), please open an issue first to discuss what you would like to change.
See ARCHITECTURE.md for an overview of the codebase before diving in.
This project is not affiliated with or endorsed by Amazon Web Services (AWS).
This project simulates AWS IAM concepts for educational purposes. It does not fully replicate AWS IAM evaluation logic and should not be used for real security decisions.
