



A collection of users.


An entity that is used to identify and group people or machines.

Identity and Access Management (IAM)

IAM refers to the cloud service that controls the permissions and access for users and cloud resources. In the cloud, “identity is the new perimeter”, making IAM a core piece of securing your cloud environment.


Sometimes referred to as “Entitlements”. These are entities that contain the permissions for what actions can be done on which resources/services and under what conditions.

  • Policy - for AWS and Azure

  • Role - for Google Cloud Platform (GCP)


A specific instance of a Cloud service. Example: arn:aws:s3:::test-public-s3bucket-demo-1234


An identity that is assigned specific permissions. Instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

Service Account

An identity that represents a machine or application.


Tags are key and value pairs that act as metadata for organizing your resources.

  • Tags - for AWS and Azure

  • Labels - for Google Cloud Platform (GCP)


An entity that is created in the Cloud Environment to represent a person or application.

  • AWS - person, application or machine

  • Azure / GCP - person only. For machine/application, refer to Service Account.