Up

IAM Users

• Used to access AWS resources from outside AWS.
• Use policies to determine access.

Password User

• Used to log into the AWS Console itself.

Programmatic User

• Used to allow code running outside AWS access to AWS resources.

IAM Roles

• Used to access AWS resources that don't live within an AWS VPC/Subnet environment from other AWS resources.
• Use policies to determine access.

Policies

• Groupings of access rules attached to User/Roles.

Security Groups

• A firewall used to limit access to groups of resources within a VPC.
• Resources from any subnet/AZ can be in the same security group.
• Stateful firewall so you only need to set a single rule (response is automatically included).
• Rules can target an IP address or another security group (to allow all resources in that group access).

Network ACL

• A subnet level firewall used to limit access into and out of a subnet.
• Stateless firewall so you need to set two rules for each request (request and response).