
IAM (Identity and Access Management) controls who is authenticated (signed in) and authorized (has permissions) in your AWS account.
IAM components:
Users — represent a person or service; each has credentials (username/password and/or access keys)
Groups — collection of users; apply policies to the group, not individual users
Roles — temporary identity assumed by AWS services, applications, or federated users; no permanent credentials
Policies — JSON documents defining permissions (Allow/Deny on Actions on Resources)
Root account: Created when you open an AWS account. Has full access. Should NEVER be used for day-to-day tasks. Enable MFA immediately. Create an IAM admin user for daily work.
Principle of least privilege: Grant only the minimum permissions needed to perform a task. Start with no permissions; add only what's needed.
IAM is global — not region-specific. Users and roles exist across all regions.
MFA (Multi-Factor Authentication): Enable for root account and all privileged users. Virtual MFA (Authy, Google Authenticator), hardware key, or SMS.
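The Policies, least-privilege and MFA notes above can be tied together in one worked example. The following is added illustration code, not AWS's own evaluator: a toy implementation of IAM's documented decision logic (default deny, explicit Deny overrides Allow) run against a constructed least-privilege policy that allows reading one bucket and denies everything when MFA was not used. The bucket name and request context values are assumptions.

```python
import fnmatch

# Constructed least-privilege policy (not from any real account): allow reading
# objects in one bucket, and deny everything when MFA was not used. BoolIfExists
# is used because aws:MultiFactorAuthPresent is absent for long-term access keys.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_matches(condition, context):
    """Only the Bool and BoolIfExists operators are modelled here."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue      # a missing key satisfies an ...IfExists test
                return False      # plain Bool needs the key to be present
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True

def _statement_matches(stmt, action, resource, context):
    """IAM wildcards (* and ?) map directly onto fnmatch patterns."""
    acts = _as_list(stmt["Action"])
    ress = _as_list(stmt["Resource"])
    return (any(fnmatch.fnmatchcase(action, p) for p in acts)
            and any(fnmatch.fnmatchcase(resource, p) for p in ress)
            and _condition_matches(stmt.get("Condition", {}), context))

def evaluate(policy, action, resource, context=None):
    """Apply IAM's decision logic: explicit Deny wins, otherwise implicit deny."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if _statement_matches(stmt, action, resource, context):
            if stmt["Effect"] == "Deny":
                return "Deny"     # an explicit Deny overrides any Allow
            allowed = True
    return "Allow" if allowed else "Deny"
```

Calling `evaluate` with an empty context models a request made with long-term access keys: the key is absent, so the BoolIfExists Deny matches and the read is refused even though an Allow exists.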