AWS Security & Compliance: A Tour of the Services

Security on AWS is a layered set of responsibilities and a long catalogue of services. AWS handles the security of the cloud; you handle security in the cloud. This post walks through that split, then through the services that protect networks, manage keys, detect threats, and prove compliance.

The shared responsibility model

The foundation: AWS and the customer have clearly divided jobs. AWS is responsible for security of the cloud — the hardware, software, facilities, and networking that run every AWS service, plus the operations of fully managed services like S3, DynamoDB, and RDS....

May 18, 2026 · 10 min · Daman Arora

AWS IAM: Identity & Access Management

IAM is the part of AWS that controls who can do what. Every API call, every console click, and every request a service makes is checked against IAM before it is allowed to proceed.

The 4 building blocks

IAM is built from four pieces. Understanding what each one is for makes the rest of the service easy to reason about.

| Block | What it is | Used for |
|---|---|---|
| User | Long-lived credentials | Humans |
| Group | A bundle of users | Sharing permissions |
| Role | A temporary, assumed identity | Services, federated users, cross-account access |
| Policy | JSON rules | Attached to a user, group, role, or resource |

Mental model

Principal (user/role) ──has──> Policy ──grants──> Permissions on resources

It helps to keep these one-line definitions in mind:...

May 16, 2026 · 4 min · Daman Arora